Fix password reset for records where confirmation_required? is disabled and
confirmation_sent_at is nil. (by @andygeers)
Allow resources with no email field to be recoverable (and do not clear the
reset password token if the model was already persisted). (by @seddy, @stanhu)
enhancements
Upon setting Devise.send_password_change_notification = true a user will receive notification when their password has been changed.
v3.5.2
enhancements
Perform case insensitive basic authorization matching
bug fixes
Do not use digests for password confirmation token
Fix infinite redirect in Rails 4.2 authenticated routes
Autoload Devise::Encryptor to avoid errors on thread-safe mode
deprecations
config.expire_auth_token_on_timeout was removed
v3.4.1
enhancements
Devise default views now have a similar markup to Rails scaffold views. (by @udaysinghcode, @cllns)
Passing now: true to the set_flash_message helper now sets the message into
the flash.now Hash. (by @hbriggs)
bugfixes
Fixed an regression with translation of flash messages for when the authentication_keys
config is a Hash. (by @lucasmazza)
v3.4.0
enhancements
Support added for Rails 4.2. Devise now depends on the responders gem due
the extraction of the respond_with API from Rails. (by @lucasmazza)
The Simple Form templates follow the same change from 3.3.0 by using Log in and adding
a hint about the minimum password length when validatable is enabled. (by @aried3r)
Controller generator added as devise:controllers SCOPE. You can use the -c flag
to pick which controllers (unlocks, confirmations, etc) you want to generate. (by @Chun-Yang)
Removed the hardcoded references for "email" in the flash messages. If you are using
different attributes as the authentication_keys they will be interpolated in the
messages instead. (by @timoschilling)
bug fix
Fixed a regression where the devise generator would fail with a ConnectionNotEstablished
exception when executed inside a mountable engine. (by @lucasmazza)
Ensure to return symbols in find_scope! fixing a previous regression from 3.3.0 (by @micat)
Ensure all causes of failed login have the same error message (by @pjungwir)
The last_attempt_warning now takes effect when generating the unauthenticated
message for your users. To keep the current behavior, this flag is now true
by default. (by @lucasmazza)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Ctrl-R/omrails/network/alerts).
Bumps devise from 2.2.3 to 3.5.10.
Release notes
Sourced from devise's releases.
Commits
321fe1d
Release 3.5.10a7dcf98
Fix overwriting the remember_token when a valid one already exists (#4101)7e658a2
Release 3.5.90252f0e
Extract list of both strategies into class constant07e907e
:beetle: Fix strategy checking in #unlock_strategy_enabled? for :none and und...e9ed3e2
Support for older rails versions.2fa6735
Lock mime-types to ~> 2.99b8cddc3
Release 3.5.81d57169
Send confirmation instructions when a user updates the email address from nil812c1de
Release 3.5.7 version.Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Ctrl-R/omrails/network/alerts).