Commit 64e6a134bca8000502b93aedbad6b5175bbbb951
Committed by
Rafael Manzo
1 parent
26b0fae5
Exists in
colab
and in
4 other branches
Updated devise to 3.1.0.
Showing
8 changed files
with
24 additions
and
11 deletions
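--- a/Gemfile
+++ b/Gemfile
@@ -34,7 +34,7 @@ gem 'turbolinks'
 gem 'jbuilder', '~> 1.2'
 
 # For user authentication and everything else
-gem 'devise', '~> 3.0.0'
+gem 'devise', '~> 3.1.0'
 
 # Kalibro integration
 gem 'kalibro_entities', git: 'https://github.com/mezuro/kalibro_entities.git' #When the first version of KalibroEntities come out, do not keep using the git repository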
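--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -71,10 +71,11 @@ GEM
 nokogiri (>= 1.5.0)
 rails (>= 3.0.0)
 database_cleaner (1.1.1)
- devise (3.0.3)
+ devise (3.1.0)
 bcrypt-ruby (~> 3.0)
 orm_adapter (~> 0.1)
 railties (>= 3.2.6, < 5)
+ thread_safe (~> 0.1)
 warden (~> 1.2.3)
 diff-lcs (1.2.4)
 erubis (2.7.0)
@@ -229,7 +230,7 @@ DEPENDENCIES
 cucumber (= 1.3.2)
 cucumber-rails (~> 1.4.0)
 database_cleaner
- devise (~> 3.0.0)
+ devise (~> 3.1.0)
 factory_girl_rails
 jbuilder (~> 1.2)
 jquery-rails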
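--- a/app/views/devise/mailer/confirmation_instructions.html.erb
+++ b/app/views/devise/mailer/confirmation_instructions.html.erb
@@ -2,4 +2,4 @@
 
 <p>You can confirm your account email through the link below:</p>
 
-<p><%= link_to 'Confirm my account', confirmation_url(@resource, :confirmation_token => @resource.confirmation_token) %></p>
+<p><%= link_to 'Confirm my account', confirmation_url(@resource, :confirmation_token => @token) %></p>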
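Review bot: Confirmation, reset-password and unlock e-mails sent before this upgrade will most likely stop working once it is deployed, because Devise 3.1 stores only a digest of each token and mails the raw value through `@token` (the same change is made in reset_password_instructions.html.erb and unlock_instructions.html.erb). If in-flight links matter, Devise 3.1 provides `config.allow_insecure_token_lookup = true` as a temporary transition setting; it should be removed again once the old e-mails have expired. It is also worth checking that no other custom mailer view or text-format template still reads `@resource.confirmation_token`, `@resource.reset_password_token` or `@resource.unlock_token`, since those would presumably now emit the stored digest and produce dead links.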
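--- a/app/views/devise/mailer/reset_password_instructions.html.erb
+++ b/app/views/devise/mailer/reset_password_instructions.html.erb
@@ -2,7 +2,7 @@
 
 <p>Someone has requested a link to change your password. You can do this through the link below.</p>
 
-<p><%= link_to 'Change my password', edit_password_url(@resource, :reset_password_token => @resource.reset_password_token) %></p>
+<p><%= link_to 'Change my password', edit_password_url(@resource, :reset_password_token => @token) %></p>
 
 <p>If you didn't request this, please ignore this email.</p>
 <p>Your password won't change until you access the link above and create a new one.</p>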
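--- a/app/views/devise/mailer/unlock_instructions.html.erb
+++ b/app/views/devise/mailer/unlock_instructions.html.erb
@@ -4,4 +4,4 @@
 
 <p>Click the link below to unlock your account:</p>
 
-<p><%= link_to 'Unlock my account', unlock_url(@resource, :unlock_token => @resource.unlock_token) %></p>
+<p><%= link_to 'Unlock my account', unlock_url(@resource, :unlock_token => @token) %></p>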
app/views/devise/shared/_links.erb
@@ -6,7 +6,7 @@ | @@ -6,7 +6,7 @@ | ||
6 | <%= link_to "Sign up", new_registration_path(resource_name) %><br /> | 6 | <%= link_to "Sign up", new_registration_path(resource_name) %><br /> |
7 | <% end -%> | 7 | <% end -%> |
8 | 8 | ||
9 | -<%- if devise_mapping.recoverable? && controller_name != 'passwords' %> | 9 | +<%- if devise_mapping.recoverable? && controller_name != 'passwords' && controller_name != 'registrations' %> |
10 | <%= link_to "Forgot your password?", new_password_path(resource_name) %><br /> | 10 | <%= link_to "Forgot your password?", new_password_path(resource_name) %><br /> |
11 | <% end -%> | 11 | <% end -%> |
12 | 12 | ||
@@ -22,4 +22,4 @@ | @@ -22,4 +22,4 @@ | ||
22 | <%- resource_class.omniauth_providers.each do |provider| %> | 22 | <%- resource_class.omniauth_providers.each do |provider| %> |
23 | <%= link_to "Sign in with #{provider.to_s.titleize}", omniauth_authorize_path(resource_name, provider) %><br /> | 23 | <%= link_to "Sign in with #{provider.to_s.titleize}", omniauth_authorize_path(resource_name, provider) %><br /> |
24 | <% end -%> | 24 | <% end -%> |
25 | -<% end -%> | ||
26 | \ No newline at end of file | 25 | \ No newline at end of file |
26 | +<% end -%> |
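--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -1,6 +1,11 @@
 # Use this hook to configure devise mailer, warden hooks and so forth.
 # Many of these configuration options can be set straight in your model.
 Devise.setup do |config|
+ # The secret key used by Devise. Devise uses this key to generate
+ # random tokens. Changing this key will render invalid all existing
+ # confirmation, reset password and unlock tokens in the database.
+ config.secret_key = '24dea7d0a57b542793cd6ed3a05fd51178530c893524ab49f4c095f3d7c77483b00d09200aed92a194d073bf785fcbc96e5e7953ab3550e2e4aea41d117c06d6'
+
 # ==> Mailer Configuration
 # Configure the e-mail address which will be shown in Devise::Mailer,
 # note that it will be overwritten if you use your own mailer class with default "from" parameter.
@@ -76,6 +81,12 @@ Devise.setup do |config|
 # passing :skip => :sessions to `devise_for` in your config/routes.rb
 config.skip_session_storage = [:http_auth]
 
+ # By default, Devise cleans up the CSRF token on authentication to
+ # avoid CSRF token fixation attacks. This means that, when using AJAX
+ # requests for sign in and sign up, you need to get a new CSRF token
+ # from the server. You can disable this option at your own risk.
+ # config.clean_up_csrf_token_on_authentication = true
+
 # ==> Configuration for :database_authenticatable
 # For bcrypt, this is the cost for hashing the password and defaults to 10. If
 # using other encryptors, it sets how many times you want the password re-encrypted.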
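Review bot: The Devise secret key is committed as a string literal on the added `config.secret_key = '…'` line in the first hunk, so everyone with read access to the repository or its history holds the key that, per the comment above it, Devise uses to generate confirmation, reset password and unlock tokens. Load it from the deployment environment instead, for example `config.secret_key = ENV.fetch('DEVISE_SECRET_KEY')` (the variable name is a placeholder), with a distinct value per environment. Since the literal is already in history, it should be treated as disclosed and replaced by a freshly generated key; as the same comment notes, doing so invalidates outstanding tokens. The `Devise.setup` block continues outside both hunks.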
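--- a/config/locales/devise.en.yml
+++ b/config/locales/devise.en.yml
@@ -3,17 +3,18 @@
 en:
 devise:
 confirmations:
- confirmed: "Your account was successfully confirmed. You are now signed in."
+ confirmed: "Your account was successfully confirmed. Please sign in."
+ confirmed_and_signed_in: "Your account was successfully confirmed. You are now signed in."
 send_instructions: "You will receive an email with instructions about how to confirm your account in a few minutes."
 send_paranoid_instructions: "If your email address exists in our database, you will receive an email with instructions about how to confirm your account in a few minutes."
 failure:
 already_authenticated: "You are already signed in."
- inactive: "Your account was not activated yet."
+ inactive: "Your account is not activated yet."
 invalid: "Invalid email or password."
 invalid_token: "Invalid authentication token."
 locked: "Your account is locked."
 not_found_in_database: "Invalid email or password."
- timeout: "Your session expired, please sign in again to continue."
+ timeout: "Your session expired. Please sign in again to continue."
 unauthenticated: "You need to sign in or sign up before continuing."
 unconfirmed: "You have to confirm your account before continuing."
 mailer: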