devise 4.1.1 → 5.0.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/CHANGELOG.md +68 -111
- data/MIT-LICENSE +2 -1
- data/README.md +315 -98
- data/app/controllers/devise/confirmations_controller.rb +3 -0
- data/app/controllers/devise/omniauth_callbacks_controller.rb +7 -5
- data/app/controllers/devise/passwords_controller.rb +10 -2
- data/app/controllers/devise/registrations_controller.rb +42 -20
- data/app/controllers/devise/sessions_controller.rb +9 -7
- data/app/controllers/devise/unlocks_controller.rb +3 -0
- data/app/controllers/devise_controller.rb +19 -3
- data/app/helpers/devise_helper.rb +3 -23
- data/app/mailers/devise/mailer.rb +10 -4
- data/app/views/devise/confirmations/new.html.erb +3 -3
- data/app/views/devise/mailer/email_changed.html.erb +7 -0
- data/app/views/devise/passwords/edit.html.erb +6 -6
- data/app/views/devise/passwords/new.html.erb +4 -4
- data/app/views/devise/registrations/edit.html.erb +13 -10
- data/app/views/devise/registrations/new.html.erb +9 -9
- data/app/views/devise/sessions/new.html.erb +8 -8
- data/app/views/devise/shared/_error_messages.html.erb +15 -0
- data/app/views/devise/shared/_links.html.erb +13 -13
- data/app/views/devise/unlocks/new.html.erb +3 -3
- data/config/locales/en.yml +5 -2
- data/lib/devise/controllers/helpers.rb +24 -9
- data/lib/devise/controllers/rememberable.rb +3 -1
- data/lib/devise/controllers/responder.rb +35 -0
- data/lib/devise/controllers/scoped_views.rb +2 -0
- data/lib/devise/controllers/sign_in_out.rb +31 -21
- data/lib/devise/controllers/store_location.rb +25 -7
- data/lib/devise/controllers/url_helpers.rb +3 -1
- data/lib/devise/delegator.rb +2 -0
- data/lib/devise/encryptor.rb +2 -0
- data/lib/devise/failure_app.rb +71 -38
- data/lib/devise/hooks/activatable.rb +3 -1
- data/lib/devise/hooks/csrf_cleaner.rb +8 -1
- data/lib/devise/hooks/forgetable.rb +2 -0
- data/lib/devise/hooks/lockable.rb +4 -2
- data/lib/devise/hooks/proxy.rb +3 -1
- data/lib/devise/hooks/rememberable.rb +2 -0
- data/lib/devise/hooks/timeoutable.rb +5 -3
- data/lib/devise/hooks/trackable.rb +2 -0
- data/lib/devise/mailers/helpers.rb +15 -18
- data/lib/devise/mapping.rb +4 -2
- data/lib/devise/models/authenticatable.rb +58 -44
- data/lib/devise/models/confirmable.rb +52 -14
- data/lib/devise/models/database_authenticatable.rb +52 -20
- data/lib/devise/models/lockable.rb +19 -5
- data/lib/devise/models/omniauthable.rb +4 -2
- data/lib/devise/models/recoverable.rb +22 -21
- data/lib/devise/models/registerable.rb +4 -0
- data/lib/devise/models/rememberable.rb +6 -4
- data/lib/devise/models/timeoutable.rb +3 -1
- data/lib/devise/models/trackable.rb +15 -1
- data/lib/devise/models/validatable.rb +10 -6
- data/lib/devise/models.rb +4 -1
- data/lib/devise/modules.rb +2 -0
- data/lib/devise/omniauth/config.rb +2 -0
- data/lib/devise/omniauth/url_helpers.rb +2 -51
- data/lib/devise/omniauth.rb +4 -5
- data/lib/devise/orm/active_record.rb +5 -1
- data/lib/devise/orm/mongoid.rb +6 -2
- data/lib/devise/orm.rb +80 -0
- data/lib/devise/parameter_filter.rb +4 -0
- data/lib/devise/parameter_sanitizer.rb +16 -58
- data/lib/devise/rails/routes.rb +12 -11
- data/lib/devise/rails/warden_compat.rb +2 -0
- data/lib/devise/rails.rb +16 -6
- data/lib/devise/strategies/authenticatable.rb +3 -1
- data/lib/devise/strategies/base.rb +2 -0
- data/lib/devise/strategies/database_authenticatable.rb +8 -1
- data/lib/devise/strategies/rememberable.rb +2 -0
- data/lib/devise/test/controller_helpers.rb +156 -0
- data/lib/devise/test/integration_helpers.rb +63 -0
- data/lib/devise/time_inflector.rb +2 -0
- data/lib/devise/token_generator.rb +2 -0
- data/lib/devise/version.rb +3 -1
- data/lib/devise.rb +69 -28
- data/lib/generators/active_record/devise_generator.rb +38 -16
- data/lib/generators/active_record/templates/migration.rb +3 -1
- data/lib/generators/active_record/templates/migration_existing.rb +2 -0
- data/lib/generators/devise/controllers_generator.rb +4 -2
- data/lib/generators/devise/devise_generator.rb +5 -3
- data/lib/generators/devise/install_generator.rb +3 -5
- data/lib/generators/devise/orm_helpers.rb +5 -3
- data/lib/generators/devise/views_generator.rb +8 -9
- data/lib/generators/mongoid/devise_generator.rb +7 -5
- data/lib/generators/templates/README +9 -8
- data/lib/generators/templates/controllers/confirmations_controller.rb +2 -0
- data/lib/generators/templates/controllers/omniauth_callbacks_controller.rb +3 -1
- data/lib/generators/templates/controllers/passwords_controller.rb +2 -0
- data/lib/generators/templates/controllers/registrations_controller.rb +4 -2
- data/lib/generators/templates/controllers/sessions_controller.rb +3 -1
- data/lib/generators/templates/controllers/unlocks_controller.rb +2 -0
- data/lib/generators/templates/devise.rb +59 -11
- data/lib/generators/templates/markerb/email_changed.markerb +7 -0
- data/lib/generators/templates/markerb/password_change.markerb +2 -2
- data/lib/generators/templates/simple_form_for/confirmations/new.html.erb +5 -1
- data/lib/generators/templates/simple_form_for/passwords/edit.html.erb +10 -2
- data/lib/generators/templates/simple_form_for/passwords/new.html.erb +5 -2
- data/lib/generators/templates/simple_form_for/registrations/edit.html.erb +12 -4
- data/lib/generators/templates/simple_form_for/registrations/new.html.erb +11 -3
- data/lib/generators/templates/simple_form_for/sessions/new.html.erb +7 -2
- data/lib/generators/templates/simple_form_for/unlocks/new.html.erb +4 -1
- metadata +23 -302
- data/.gitignore +0 -10
- data/.travis.yml +0 -44
- data/.yardopts +0 -9
- data/CODE_OF_CONDUCT.md +0 -22
- data/CONTRIBUTING.md +0 -16
- data/Gemfile +0 -30
- data/Gemfile.lock +0 -182
- data/Rakefile +0 -36
- data/bin/test +0 -13
- data/devise.gemspec +0 -26
- data/devise.png +0 -0
- data/gemfiles/Gemfile.rails-4.1-stable +0 -30
- data/gemfiles/Gemfile.rails-4.1-stable.lock +0 -170
- data/gemfiles/Gemfile.rails-4.2-stable +0 -30
- data/gemfiles/Gemfile.rails-4.2-stable.lock +0 -192
- data/gemfiles/Gemfile.rails-5.0-beta +0 -37
- data/gemfiles/Gemfile.rails-5.0-beta.lock +0 -199
- data/lib/devise/test_helpers.rb +0 -137
- data/test/controllers/custom_registrations_controller_test.rb +0 -40
- data/test/controllers/custom_strategy_test.rb +0 -64
- data/test/controllers/helper_methods_test.rb +0 -22
- data/test/controllers/helpers_test.rb +0 -316
- data/test/controllers/inherited_controller_i18n_messages_test.rb +0 -51
- data/test/controllers/internal_helpers_test.rb +0 -127
- data/test/controllers/load_hooks_controller_test.rb +0 -19
- data/test/controllers/passwords_controller_test.rb +0 -32
- data/test/controllers/sessions_controller_test.rb +0 -106
- data/test/controllers/url_helpers_test.rb +0 -65
- data/test/delegator_test.rb +0 -19
- data/test/devise_test.rb +0 -107
- data/test/failure_app_test.rb +0 -320
- data/test/generators/active_record_generator_test.rb +0 -83
- data/test/generators/controllers_generator_test.rb +0 -48
- data/test/generators/devise_generator_test.rb +0 -39
- data/test/generators/install_generator_test.rb +0 -24
- data/test/generators/mongoid_generator_test.rb +0 -23
- data/test/generators/views_generator_test.rb +0 -103
- data/test/helpers/devise_helper_test.rb +0 -49
- data/test/integration/authenticatable_test.rb +0 -698
- data/test/integration/confirmable_test.rb +0 -324
- data/test/integration/database_authenticatable_test.rb +0 -95
- data/test/integration/http_authenticatable_test.rb +0 -106
- data/test/integration/lockable_test.rb +0 -240
- data/test/integration/omniauthable_test.rb +0 -135
- data/test/integration/recoverable_test.rb +0 -347
- data/test/integration/registerable_test.rb +0 -357
- data/test/integration/rememberable_test.rb +0 -211
- data/test/integration/timeoutable_test.rb +0 -184
- data/test/integration/trackable_test.rb +0 -92
- data/test/mailers/confirmation_instructions_test.rb +0 -115
- data/test/mailers/reset_password_instructions_test.rb +0 -96
- data/test/mailers/unlock_instructions_test.rb +0 -91
- data/test/mapping_test.rb +0 -134
- data/test/models/authenticatable_test.rb +0 -23
- data/test/models/confirmable_test.rb +0 -511
- data/test/models/database_authenticatable_test.rb +0 -269
- data/test/models/lockable_test.rb +0 -350
- data/test/models/omniauthable_test.rb +0 -7
- data/test/models/recoverable_test.rb +0 -251
- data/test/models/registerable_test.rb +0 -7
- data/test/models/rememberable_test.rb +0 -169
- data/test/models/serializable_test.rb +0 -49
- data/test/models/timeoutable_test.rb +0 -51
- data/test/models/trackable_test.rb +0 -41
- data/test/models/validatable_test.rb +0 -119
- data/test/models_test.rb +0 -153
- data/test/omniauth/config_test.rb +0 -57
- data/test/omniauth/url_helpers_test.rb +0 -51
- data/test/orm/active_record.rb +0 -17
- data/test/orm/mongoid.rb +0 -13
- data/test/parameter_sanitizer_test.rb +0 -131
- data/test/rails_app/Rakefile +0 -6
- data/test/rails_app/app/active_record/admin.rb +0 -6
- data/test/rails_app/app/active_record/shim.rb +0 -2
- data/test/rails_app/app/active_record/user.rb +0 -7
- data/test/rails_app/app/active_record/user_on_engine.rb +0 -7
- data/test/rails_app/app/active_record/user_on_main_app.rb +0 -7
- data/test/rails_app/app/active_record/user_without_email.rb +0 -8
- data/test/rails_app/app/controllers/admins/sessions_controller.rb +0 -6
- data/test/rails_app/app/controllers/admins_controller.rb +0 -6
- data/test/rails_app/app/controllers/application_controller.rb +0 -11
- data/test/rails_app/app/controllers/application_with_fake_engine.rb +0 -30
- data/test/rails_app/app/controllers/custom/registrations_controller.rb +0 -31
- data/test/rails_app/app/controllers/home_controller.rb +0 -29
- data/test/rails_app/app/controllers/publisher/registrations_controller.rb +0 -2
- data/test/rails_app/app/controllers/publisher/sessions_controller.rb +0 -2
- data/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +0 -14
- data/test/rails_app/app/controllers/users_controller.rb +0 -31
- data/test/rails_app/app/helpers/application_helper.rb +0 -3
- data/test/rails_app/app/mailers/users/from_proc_mailer.rb +0 -3
- data/test/rails_app/app/mailers/users/mailer.rb +0 -3
- data/test/rails_app/app/mailers/users/reply_to_mailer.rb +0 -4
- data/test/rails_app/app/mongoid/admin.rb +0 -29
- data/test/rails_app/app/mongoid/shim.rb +0 -23
- data/test/rails_app/app/mongoid/user.rb +0 -39
- data/test/rails_app/app/mongoid/user_on_engine.rb +0 -39
- data/test/rails_app/app/mongoid/user_on_main_app.rb +0 -39
- data/test/rails_app/app/mongoid/user_without_email.rb +0 -33
- data/test/rails_app/app/views/admins/index.html.erb +0 -1
- data/test/rails_app/app/views/admins/sessions/new.html.erb +0 -2
- data/test/rails_app/app/views/home/admin_dashboard.html.erb +0 -1
- data/test/rails_app/app/views/home/index.html.erb +0 -1
- data/test/rails_app/app/views/home/join.html.erb +0 -1
- data/test/rails_app/app/views/home/private.html.erb +0 -1
- data/test/rails_app/app/views/home/user_dashboard.html.erb +0 -1
- data/test/rails_app/app/views/layouts/application.html.erb +0 -24
- data/test/rails_app/app/views/users/edit_form.html.erb +0 -1
- data/test/rails_app/app/views/users/index.html.erb +0 -1
- data/test/rails_app/app/views/users/mailer/confirmation_instructions.erb +0 -1
- data/test/rails_app/app/views/users/sessions/new.html.erb +0 -1
- data/test/rails_app/bin/bundle +0 -3
- data/test/rails_app/bin/rails +0 -4
- data/test/rails_app/bin/rake +0 -4
- data/test/rails_app/config/application.rb +0 -44
- data/test/rails_app/config/boot.rb +0 -14
- data/test/rails_app/config/database.yml +0 -18
- data/test/rails_app/config/environment.rb +0 -5
- data/test/rails_app/config/environments/development.rb +0 -30
- data/test/rails_app/config/environments/production.rb +0 -84
- data/test/rails_app/config/environments/test.rb +0 -46
- data/test/rails_app/config/initializers/backtrace_silencers.rb +0 -7
- data/test/rails_app/config/initializers/devise.rb +0 -180
- data/test/rails_app/config/initializers/inflections.rb +0 -2
- data/test/rails_app/config/initializers/secret_token.rb +0 -3
- data/test/rails_app/config/initializers/session_store.rb +0 -1
- data/test/rails_app/config/routes.rb +0 -126
- data/test/rails_app/config.ru +0 -4
- data/test/rails_app/db/migrate/20100401102949_create_tables.rb +0 -71
- data/test/rails_app/db/schema.rb +0 -55
- data/test/rails_app/lib/shared_admin.rb +0 -17
- data/test/rails_app/lib/shared_user.rb +0 -30
- data/test/rails_app/lib/shared_user_without_email.rb +0 -26
- data/test/rails_app/lib/shared_user_without_omniauth.rb +0 -13
- data/test/rails_app/public/404.html +0 -26
- data/test/rails_app/public/422.html +0 -26
- data/test/rails_app/public/500.html +0 -26
- data/test/rails_app/public/favicon.ico +0 -0
- data/test/rails_test.rb +0 -9
- data/test/routes_test.rb +0 -279
- data/test/support/action_controller/record_identifier.rb +0 -10
- data/test/support/assertions.rb +0 -39
- data/test/support/helpers.rb +0 -77
- data/test/support/http_method_compatibility.rb +0 -51
- data/test/support/integration.rb +0 -92
- data/test/support/locale/en.yml +0 -8
- data/test/support/mongoid.yml +0 -6
- data/test/support/webrat/integrations/rails.rb +0 -33
- data/test/test_helper.rb +0 -34
- data/test/test_helpers_test.rb +0 -178
- data/test/test_models.rb +0 -33
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: c67cfd3438b138fe40dfed1f4898b40b9b1469dbd2d7b4858496110bd3d6a970
|
|
4
|
+
data.tar.gz: f5e280e647b29a59a52bb6064d30601b053b97f84a1bd2418e998e0454edb57c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 245df1de08dc984a0caf07700690aa0a2325592b1873bd0ee4ffb539c9b1725b592907b2e3174ad7c48c9c03b40d2c741c52866338949474ee77156ae5a6862c
|
|
7
|
+
data.tar.gz: 54f318f2e72de3d5744e07fd74a17eaa8605034ebbd0e7c66e42dcac7813d901804a02be6bfe758c22ef2f804aba9d3807de69affa9d6706ee857450940d57af
|
data/CHANGELOG.md
CHANGED
|
@@ -1,131 +1,88 @@
|
|
|
1
|
-
###
|
|
1
|
+
### 5.0.4 - 2026-05-08
|
|
2
2
|
|
|
3
|
-
*
|
|
4
|
-
* Fix
|
|
3
|
+
* security fixes
|
|
4
|
+
* Fix open redirect in `FailureApp` via unvalidated `Referer` header on non-GET session timeout. CVE-2026-40295 [GHSA-jp94-3292-c3xv](https://github.com/heartcombo/devise/security/advisories/GHSA-jp94-3292-c3xv)
|
|
5
5
|
|
|
6
|
-
###
|
|
6
|
+
### 5.0.3 - 2026-03-16
|
|
7
7
|
|
|
8
|
-
*
|
|
9
|
-
* Fix race condition
|
|
10
|
-
Using the previous `after_create` callback, the e-mail can be sent before
|
|
11
|
-
the record be committed on database, generating a `ActiveRecord::NotFound` error.
|
|
12
|
-
Now the confirmation e-mail will be only sent after the database commit,
|
|
13
|
-
using the `after_commit` callback.
|
|
14
|
-
It may break your test suite on Rails 4 if you are testing the sent e-mails
|
|
15
|
-
or enqueued jobs using transactional fixtures enabled or `DatabaseCleaner` with `transaction` strategy.
|
|
16
|
-
You can easily fix your test suite using the gem
|
|
17
|
-
[test_after_commit](https://github.com/grosser/test_after_commit). For example, put in your Gemfile:
|
|
18
|
-
|
|
19
|
-
```ruby
|
|
20
|
-
gem 'test_after_commit', :group => :test
|
|
21
|
-
```
|
|
8
|
+
* security fixes
|
|
9
|
+
* Fix race condition vulnerability on confirmable "change email" which would allow confirming an email they don't own CVE-2026-32700 [GHSA-57hq-95w6-v4fc](https://github.com/heartcombo/devise/security/advisories/GHSA-57hq-95w6-v4fc) [#5783](https://github.com/heartcombo/devise/pull/5783) [#5784](https://github.com/heartcombo/devise/pull/5784)
|
|
22
10
|
|
|
23
|
-
|
|
24
|
-
fixtures, then this fix will not break your test suite. If you are using `DatabaseCleaner` with the `deletion` or `truncation` strategies it may not break your tests. (by @allenwq)
|
|
25
|
-
* Fix strategy checking in `Lockable#unlock_strategy_enabled?` for `:none` and
|
|
26
|
-
`:undefined` strategies. (by @f3ndot)
|
|
27
|
-
* features
|
|
28
|
-
* Humanize authentication keys in failure flash message (by @byzg)
|
|
29
|
-
When you are configuring the translations of `devise.failure.invalid`, the
|
|
30
|
-
`authentication_keys` is translated now.
|
|
31
|
-
* deprecations
|
|
32
|
-
* Remove code supporting old session serialization format (by @fphilipe).
|
|
33
|
-
* Now the `email_regexp` default uses a more permissive regex:
|
|
34
|
-
`/\A[^@\s]+@[^@\s]+\z/` (by @kimgb)
|
|
35
|
-
* Now the `strip_whitespace_keys` default is `[:email]` (by @ulissesalmeida)
|
|
36
|
-
* Now the `reconfirmable` default is `true` (by @ulissesalmeida)
|
|
37
|
-
* Now the `skip_session_storage` default is `[:http_auth]` (by @ulissesalmeida)
|
|
38
|
-
* Now the `sign_out_via` default is `:delete` (by @ulissesalmeida)
|
|
39
|
-
* improvements
|
|
40
|
-
* Avoids extra computation of friendly token for confirmation token (by @sbc100)
|
|
41
|
-
|
|
42
|
-
### 4.0.2 - 2016-05-02
|
|
11
|
+
### 5.0.2 - 2026-02-18
|
|
43
12
|
|
|
44
|
-
*
|
|
45
|
-
*
|
|
46
|
-
|
|
13
|
+
* enhancements
|
|
14
|
+
* Allow resource class scopes to override the global configuration for `sign_in_after_change_password` behaviour. [#5825](https://github.com/heartcombo/devise/pull/5825)
|
|
15
|
+
* _Note_: some users ran into an issue with this change because `RegistrationsController` now relies on a setting from the `:registerable` module. These users were configuring their own routes pointing to the `RegistrationsController` for resource edit/update actions mostly, without relying on the other registration actions (e.g. user sign up.), so they omitted `:registerable` from the model declaration. While using just a portion of the controller functionality is a valid use for `:registerable` (or any module really), the module must still be declared in the model, much like the other modules must be declared if you plan on using just a portion of their behavior. Please check [this issue](https://github.com/heartcombo/devise/pull/5828#issuecomment-3926822788) for more info.
|
|
16
|
+
* Add `sign_in_after_reset_password?` check hook to passwords controller, to allow it to be customized by users. [#5826](https://github.com/heartcombo/devise/pull/5826)
|
|
47
17
|
|
|
48
|
-
###
|
|
18
|
+
### 5.0.1 - 2026-02-13
|
|
49
19
|
|
|
50
20
|
* bug fixes
|
|
51
|
-
* Fix
|
|
52
|
-
address from nil. (by @lmduc)
|
|
53
|
-
* Remove unnecessary `attribute_will_change!` call. (by @cadejscroggins)
|
|
54
|
-
* Consistent `permit!` check. (by @ulissesalmeida)
|
|
21
|
+
* Fix translation issue with German `E-Mail` on invalid authentication messages caused by previous fix for incorrect grammar [#5822](https://github.com/heartcombo/devise/pull/5822)
|
|
55
22
|
|
|
56
|
-
###
|
|
23
|
+
### 5.0.0 - 2026-01-23
|
|
57
24
|
|
|
58
|
-
|
|
59
|
-
* Fix the `extend_remember_period` configuration. When set to `false` it does
|
|
60
|
-
not update the cookie expiration anymore.(by @ulissesalmeida)
|
|
61
|
-
|
|
62
|
-
* deprecations
|
|
63
|
-
* Added a warning of default value change in Devise 4.1 for users that uses
|
|
64
|
-
the the default configuration of the following configurations: (by @ulissesalmeida)
|
|
65
|
-
* `strip_whitespace_keys` - The default will be `[:email]`.
|
|
66
|
-
* `skip_session_storage` - The default will be `[:http_auth]`.
|
|
67
|
-
* `sign_out_via` - The default will be `:delete`.
|
|
68
|
-
* `reconfirmable` - The default will be `true`.
|
|
69
|
-
* `email_regexp` - The default will be `/\A[^@\s]+@[^@\s]+\z/`.
|
|
70
|
-
* Removed deprecated argument of `Devise::Models::Rememberable#remember_me!` (by @ulissesalmeida)
|
|
71
|
-
* Removed deprecated private method Devise::Controllers::Helpers#expire_session_data_after_sign_in!
|
|
72
|
-
(by @bogdanvlviv)
|
|
73
|
-
|
|
74
|
-
### 4.0.0.rc2 - 2016-03-09
|
|
25
|
+
no changes
|
|
75
26
|
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
*
|
|
80
|
-
|
|
81
|
-
*
|
|
82
|
-
|
|
83
|
-
*
|
|
84
|
-
*
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
* Devise no longer supports Ruby 1.9 and 2.0.
|
|
94
|
-
|
|
95
|
-
* deprecations
|
|
96
|
-
* The `devise_parameter_sanitize` API has changed:
|
|
97
|
-
The `for` method was deprecated in favor of `permit`:
|
|
98
|
-
|
|
99
|
-
```ruby
|
|
100
|
-
def configure_permitted_parameters
|
|
101
|
-
devise_parameter_sanitizer.for(:sign_up) << :subscribe_newsletter
|
|
102
|
-
# Should become the following.
|
|
103
|
-
devise_parameter_sanitizer.permit(:sign_up, keys: [:subscribe_newsletter])
|
|
104
|
-
end
|
|
27
|
+
### 5.0.0.rc - 2025-12-31
|
|
28
|
+
|
|
29
|
+
* breaking changes
|
|
30
|
+
* Drop support to Ruby < 2.7
|
|
31
|
+
* Drop support to Rails < 7.0
|
|
32
|
+
* Remove deprecated `:bypass` option from `sign_in` helper, use `bypass_sign_in` instead. [#5803](https://github.com/heartcombo/devise/pull/5803)
|
|
33
|
+
* Remove deprecated `devise_error_messages!` helper, use `render "devise/shared/error_messages", resource: resource` instead. [#5803](https://github.com/heartcombo/devise/pull/5803)
|
|
34
|
+
* Remove deprecated `scope` second argument from `sign_in(resource, :admin)` controller test helper, use `sign_in(resource, scope: :admin)` instead. [#5803](https://github.com/heartcombo/devise/pull/5803)
|
|
35
|
+
* Remove deprecated `Devise::TestHelpers`, use `Devise::Test::ControllerHelpers` instead. [#5803](https://github.com/heartcombo/devise/pull/5803)
|
|
36
|
+
* Remove deprecated `Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION` [#5598](https://github.com/heartcombo/devise/pull/5598)
|
|
37
|
+
* Remove deprecated `Devise.activerecord51?` method.
|
|
38
|
+
* Remove `SecretKeyFinder` and use `app.secret_key_base` as the default secret key for `Devise.secret_key` if a custom `Devise.secret_key` is not provided.
|
|
39
|
+
|
|
40
|
+
This is potentially a breaking change because Devise previously used the following order to find a secret key:
|
|
41
|
+
|
|
42
|
+
```
|
|
43
|
+
app.credentials.secret_key_base > app.secrets.secret_key_base > application.config.secret_key_base > application.secret_key_base
|
|
105
44
|
```
|
|
106
45
|
|
|
107
|
-
|
|
108
|
-
|
|
46
|
+
Now, it always uses `application.secret_key_base`. Make sure you're using the same secret key after the upgrade; otherwise, previously generated tokens for `recoverable`, `lockable`, and `confirmable` will be invalid.
|
|
47
|
+
[#5645](https://github.com/heartcombo/devise/pull/5645)
|
|
48
|
+
* Change password instructions button label on devise view from `Send me reset password instructions` to `Send me password reset instructions` [#5515](https://github.com/heartcombo/devise/pull/5515)
|
|
49
|
+
* Change `<br>` tags separating form elements to wrapping them in `<p>` tags [#5494](https://github.com/heartcombo/devise/pull/5494)
|
|
50
|
+
* Replace `[data-turbo-cache=false]` with `[data-turbo-temporary]` on `devise/shared/error_messages` partial. This has been [deprecated by Turbo since v7.3.0 (released on Mar 1, 2023)](https://github.com/hotwired/turbo/releases/tag/v7.3.0).
|
|
109
51
|
|
|
110
|
-
|
|
111
|
-
class User::ParameterSanitizer < Devise::ParameterSanitizer
|
|
112
|
-
def sign_up
|
|
113
|
-
default_params.permit(:username, :email)
|
|
114
|
-
end
|
|
115
|
-
end
|
|
52
|
+
If you are using an older version of Turbo and the default devise template, you'll need to copy it over to your app and change that back to `[data-turbo-cache=false]`.
|
|
116
53
|
|
|
117
|
-
|
|
54
|
+
* enhancements
|
|
55
|
+
* Add Rails 8 support.
|
|
56
|
+
- Routes are lazy-loaded by default in test and development environments now so Devise loads them before `Devise.mappings` call. [#5728](https://github.com/heartcombo/devise/pull/5728)
|
|
57
|
+
* New apps using Rack 3.1+ will be generated using `config.responder.error_status = :unprocessable_content`, since [`:unprocessable_entity` has been deprecated by Rack](https://github.com/rack/rack/pull/2137).
|
|
58
|
+
|
|
59
|
+
Latest versions of [Rails transparently convert `:unprocessable_entity` -> `:unprocessable_content`](https://github.com/rails/rails/pull/53383), and Devise will use that in the failure app to avoid Rack deprecation warnings for apps that are configured with `:unprocessable_entity`. They can also simply change their `error_status` to `:unprocessable_content` in latest Rack versions to avoid the warning.
|
|
60
|
+
* Add Ruby 3.4 and 4.0 support.
|
|
61
|
+
* Reenable Mongoid test suite across all Rails 7+ versions, to ensure we continue supporting it. Changes to dirty tracking to support Mongoid 8.0+. [#5568](https://github.com/heartcombo/devise/pull/5568)
|
|
62
|
+
* Password length validator is changed from
|
|
63
|
+
|
|
64
|
+
```
|
|
65
|
+
validates_length_of :password, within: password_length, allow_blank: true`
|
|
66
|
+
```
|
|
118
67
|
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
end
|
|
124
|
-
end
|
|
68
|
+
to
|
|
69
|
+
|
|
70
|
+
```
|
|
71
|
+
validates_length_of :password, minimum: proc { password_length.min }, maximum: proc { password_length.max }, allow_blank: true
|
|
125
72
|
```
|
|
126
73
|
|
|
127
|
-
|
|
128
|
-
|
|
74
|
+
so it's possible to override `password_length` at runtime. [#5734](https://github.com/heartcombo/devise/pull/5734)
|
|
75
|
+
|
|
76
|
+
* bug fixes
|
|
77
|
+
* Make `Devise` work without `ActionMailer` when `Zeitwerk` autoloader is used. [#5731](https://github.com/heartcombo/devise/pull/5731)
|
|
78
|
+
* Handle defaults `:from` and `:reply_to` as procs correctly by delegating to Rails [#5595](https://github.com/heartcombo/devise/pull/5595)
|
|
79
|
+
* Use `OmniAuth.config.allowed_request_methods` as routing verbs for the auth path [#5508](https://github.com/heartcombo/devise/pull/5508)
|
|
80
|
+
* Handle `on` and `ON` as true values to check params [#5514](https://github.com/heartcombo/devise/pull/5514)
|
|
81
|
+
* Fix passing `format` option to `devise_for` [#5732](https://github.com/heartcombo/devise/pull/5732)
|
|
82
|
+
* Use `ActiveRecord::SecurityUtils.secure_compare` in `Devise.secure_compare` to match two empty strings correctly. [#4829](https://github.com/heartcombo/devise/pull/4829)
|
|
83
|
+
* Respond with `401 Unauthorized` for non-navigational requests to destroy the session when there is no authenticated resource. [#4878](https://github.com/heartcombo/devise/pull/4878)
|
|
84
|
+
* Fix incorrect grammar of invalid authentication message with capitalized attributes, e.g.: "Invalid Email or password" => "Invalid email or password". (originally introduced by [#4014](https://github.com/heartcombo/devise/pull/4014), released on v4.1.0) [#4834](https://github.com/heartcombo/devise/pull/4834)
|
|
85
|
+
|
|
129
86
|
|
|
130
|
-
Please check [
|
|
87
|
+
Please check [4-stable](https://github.com/heartcombo/devise/blob/4-stable/CHANGELOG.md)
|
|
131
88
|
for previous changes.
|
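Review bot: The `SecretKeyFinder` removal entry under 5.0.0.rc tells upgraders to "make sure you're using the same secret key after the upgrade" without saying how, and its "Now, it always uses `application.secret_key_base`" reads as contradicting the bullet's own condition "if a custom `Devise.secret_key` is not provided". Suggest wording it as a fallback and stating whether setting `Devise.secret_key` to the value that previously resolved from `app.credentials.secret_key_base` or `app.secrets.secret_key_base` is the intended way to keep outstanding `recoverable`, `lockable` and `confirmable` tokens valid. Two smaller documentation points in the same hunk: the first password-length example ends with a stray backtick after `allow_blank: true` inside its fence, and in the 5.0.3 security entry "confirming an email they don't own" has no antecedent for "they".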
data/MIT-LICENSE
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
|
-
Copyright
|
|
1
|
+
Copyright (c) 2020-CURRENT Rafael França, Carlos Antonio da Silva
|
|
2
|
+
Copyright (c) 2009-2019 Plataformatec
|
|
2
3
|
|
|
3
4
|
Permission is hereby granted, free of charge, to any person obtaining
|
|
4
5
|
a copy of this software and associated documentation files (the
|
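Review bot: The added first line reads `Copyright (c) 2020-CURRENT`, where `CURRENT` is a literal word rather than a year, unlike the `2009-2019` range on the line added below it. If it is a template placeholder that was meant to be substituted at release time, replace it with a year or "present"; if it is intentional, no change is needed.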