devise

devise copied to clipboard

Active Job integration clarification

1

Hi, I was looking into using Active Job to deliver Devise messages, and I am a bit confused: - the README suggests a very simple implementation: https://github.com/heartcombo/devise/blob/e2242a95f3bb2e68ec0e9a064238ff7af6429545/README.md#L694-L704 - however, source...

olivier-thatch

Removed now obsolete SecretKeyFinder

8

SecretKeyFinder was required to handle rails configuration pre 6.0 which is no longer supported. Secret key can (and should!) be now read directly from rails application. Fixes: https://github.com/heartcombo/devise/issues/5644 Probably surpasses:...

BroiSatse

add email_scope option for email uniqueness validator

38

This is a reboot of the closed PR #4793 with some tests. Issue #4767 has a lot of information about why this would be useful. Description from #4793 - per...

flynfish

ActionController::InvalidAuthenticityToken in Devise::SessionsController#create

18

Ruby 3.2.2 Rails 7.0.8 Devise 4.9.2 ## Current behavior Extremely frustrating. All of a sudden I try to login/register I get Can't verify CSRF token authenticity.. I didn't do any...

venkat071982

`Devise::SecretKeyFinder#find` deprioritizes use of the deprecated find method in `rails`

6

The `rails/rails` repository has deprecated `rails.application.secrets` due to [this PR](https://github.com/rails/rails/pull/48472). `Devise::SecretKeyFinder#find` sequentially examines the variables stored by searching `secret_key_base`, but deprecated `Rails.application.secrets` is searched first, so in many cases A...

soartec-lab

Support deferred Mailer delivery with `deliver_later`

6

Re-opens [#4224][] By default, all `Devise::Models::Authenticatable`-initiated Action Mailer deliveries are transmitted immediately (within the request-response cycle). Transmitting emails and interacting with any third-party services over SMTP or HTTP risk service...

seanpdoyle

Overwriting Devise::SessionsController#create doesn't stop signing in

7

## Environment - Ruby **3.2.2** - Rails **7.0.5** - Devise **4.9.2** ## Current behavior If I overwrite Devise::SessionsController#create in custom controller to not sign in user and just redirect it...

WozniakMac

Not possible to reach maintainers to discuss possible security vulnerability

8

## Current behavior I have emailed [email protected] (the 23rd of December 2020) with questions regarding a possible security vulnerability in an extension of Devise but haven't received a response yet....

ghost

This PR adds Rails 7.1 and Ruby 3.3 in the CI matrix. It excludes rubies that are incompatible with Rails 7.2 ``` Because every version of rails depends on Ruby...

berkos

devcamke