devise 3.1.1 → 3.1.2
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of devise might be problematic. Click here for more details.
data/CHANGELOG.md
CHANGED
data/Gemfile.lock
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
PATH
|
2
2
|
remote: ..
|
3
3
|
specs:
|
4
|
-
devise (3.1.
|
4
|
+
devise (3.1.2)
|
5
5
|
bcrypt-ruby (~> 3.0)
|
6
6
|
orm_adapter (~> 0.1)
|
7
7
|
railties (>= 3.2.6, < 5)
|
@@ -39,7 +39,7 @@ GEM
|
|
39
39
|
i18n (~> 0.6, >= 0.6.4)
|
40
40
|
multi_json (~> 1.0)
|
41
41
|
arel (3.0.2)
|
42
|
-
atomic (1.1.
|
42
|
+
atomic (1.1.14)
|
43
43
|
bcrypt-ruby (3.1.2)
|
44
44
|
builder (3.0.4)
|
45
45
|
erubis (2.7.0)
|
@@ -125,7 +125,7 @@ GEM
|
|
125
125
|
tilt (~> 1.1, != 1.3.0)
|
126
126
|
sqlite3 (1.3.7)
|
127
127
|
thor (0.18.1)
|
128
|
-
thread_safe (0.1.
|
128
|
+
thread_safe (0.1.3)
|
129
129
|
atomic
|
130
130
|
tilt (1.4.1)
|
131
131
|
treetop (1.4.14)
|
@@ -47,19 +47,25 @@ module Devise
|
|
47
47
|
end
|
48
48
|
|
49
49
|
def sign_in
|
50
|
-
|
50
|
+
permit self.for(:sign_in)
|
51
51
|
end
|
52
52
|
|
53
53
|
def sign_up
|
54
|
-
|
54
|
+
permit self.for(:sign_up)
|
55
55
|
end
|
56
56
|
|
57
57
|
def account_update
|
58
|
-
|
58
|
+
permit self.for(:account_update)
|
59
59
|
end
|
60
60
|
|
61
61
|
private
|
62
62
|
|
63
|
+
# TODO: We do need to flatten so it works with strong_parameters
|
64
|
+
# gem. We should drop it once we move to Rails 4 only support.
|
65
|
+
def permit(keys)
|
66
|
+
default_params.permit(*Array(keys))
|
67
|
+
end
|
68
|
+
|
63
69
|
# Change for(kind) to return the values in the @permitted
|
64
70
|
# hash, allowing the developer to customize at runtime.
|
65
71
|
def default_for(kind)
|
@@ -5,13 +5,16 @@ module Devise
|
|
5
5
|
# Default strategy for signing in a user, based on his email and password in the database.
|
6
6
|
class DatabaseAuthenticatable < Authenticatable
|
7
7
|
def authenticate!
|
8
|
-
resource
|
9
|
-
|
8
|
+
resource = valid_password? && mapping.to.find_for_database_authentication(authentication_hash)
|
9
|
+
encrypted = false
|
10
10
|
|
11
|
-
if validate(resource){ resource.valid_password?(password) }
|
11
|
+
if validate(resource){ encrypted = true; resource.valid_password?(password) }
|
12
12
|
resource.after_database_authentication
|
13
13
|
success!(resource)
|
14
14
|
end
|
15
|
+
|
16
|
+
mapping.to.new.password = password if !encrypted && Devise.paranoid
|
17
|
+
fail(:not_found_in_database) unless resource
|
15
18
|
end
|
16
19
|
end
|
17
20
|
end
|
data/lib/devise/version.rb
CHANGED
@@ -68,5 +68,14 @@ if defined?(ActionController::StrongParameters)
|
|
68
68
|
sanitizer.sanitize(:unknown)
|
69
69
|
end
|
70
70
|
end
|
71
|
+
|
72
|
+
test 'passes parameters to filter as arguments to sanitizer' do
|
73
|
+
params = {user: stub}
|
74
|
+
sanitizer = Devise::ParameterSanitizer.new(User, :user, params)
|
75
|
+
|
76
|
+
params[:user].expects(:permit).with(kind_of(Symbol), kind_of(Symbol), kind_of(Symbol))
|
77
|
+
|
78
|
+
sanitizer.sanitize(:sign_in)
|
79
|
+
end
|
71
80
|
end
|
72
81
|
end
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: devise
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.1.
|
4
|
+
version: 3.1.2
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -10,7 +10,7 @@ authors:
|
|
10
10
|
autorequire:
|
11
11
|
bindir: bin
|
12
12
|
cert_chain: []
|
13
|
-
date: 2013-
|
13
|
+
date: 2013-11-13 00:00:00.000000000 Z
|
14
14
|
dependencies:
|
15
15
|
- !ruby/object:Gem::Dependency
|
16
16
|
name: warden
|