diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index d50107bc..a8c34243 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -4,7 +4,7 @@
 # ==> Mailer Configuration
 # Configure the e-mail address which will be shown in Devise::Mailer,
 # note that it will be overwritten if you use your own mailer class with default "from" parameter.
- config.mailer_sender = "please-change-me-at-config-initializers-devise@example.com"
+ config.mailer_sender = "no-reply@kandan.com"
 # Configure the class responsible to send e-mails.
 # config.mailer = "Devise::Mailer"
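Review bot: The sender address in `config.mailer_sender` is hard-coded to a `kandan.com` mailbox, so every installation sends its Devise mail (password resets, for instance) with that From domain. If the application is deployed under another domain, which this hunk does not show, that mail is likely to fail SPF/DMARC checks at the recipient, and the address can only be changed by editing the initializer. Reading the value from the environment keeps the default and lets operators override it, e.g. `config.mailer_sender = ENV.fetch("MAILER_SENDER", "no-reply@kandan.com")` (the variable name is a placeholder).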
@@ -35,17 +35,23 @@
 # Configure which authentication keys should be case-insensitive.
 # These keys will be downcased upon creating or modifying a user and when used
 # to authenticate or find a user. Default is :email.
- config.case_insensitive_keys = [ :username ]
+ config.case_insensitive_keys = [ :email, :username ]
 # Configure which authentication keys should have whitespace stripped.
 # These keys will have whitespace before and after removed upon creating or
 # modifying a user and when used to authenticate or find a user. Default is :email.
- config.strip_whitespace_keys = [ :username ]
+ config.strip_whitespace_keys = [ :email, :username ]
 # Tell if authentication through request.params is enabled. True by default.
+ # It can be set to an array that will enable params authentication only for the
+ # given strategies, for example, `config.params_authenticatable = [:database]` will
+ # enable it only for database (email + password) authentication.
 # config.params_authenticatable = true
 # Tell if authentication through HTTP Basic Auth is enabled. False by default.
+ # It can be set to an array that will enable http authentication only for the
+ # given strategies, for example, `config.http_authenticatable = [:token]` will
+ # enable it only for token authentication.
 # config.http_authenticatable = false
 # If http headers should be returned for AJAX requests. True by default.
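Review bot: Existing `users.email` values are not touched by adding `:email` to `config.case_insensitive_keys` and `config.strip_whitespace_keys`; as the comments in this hunk say, keys are only downcased and stripped when a user is created, modified or looked up. A row stored earlier with upper-case letters or surrounding whitespace in its email would then no longer match the normalised lookup, so that user could not sign in or request a password reset. Whether such rows exist is not visible here; if they can, the commit should carry a data migration that downcases and strips the stored emails. It is also worth confirming that email uniqueness is enforced on the normalised value, so that two spellings of one address cannot become separate accounts.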
@@ -59,6 +65,13 @@
 # Does not affect registerable.
 # config.paranoid = true
+ # By default Devise will store the user in session. You can skip storage for
+ # :http_auth and :token_auth by adding those symbols to the array below.
+ # Notice that if you are skipping storage for all authentication paths, you
+ # may want to disable generating routes to Devise's sessions controller by
+ # passing :skip => :sessions to `devise_for` in your config/routes.rb
+ config.skip_session_storage = [:http_auth]
+
 # ==> Configuration for :database_authenticatable
 # For bcrypt, this is the cost for hashing the password and defaults to 10. If
 # using other encryptors, it sets how many times you want the password re-encrypted.
@@ -77,7 +90,13 @@
 # able to access the website for two days without confirming his account,
 # access will be blocked just in the third day. Default is 0.days, meaning
 # the user cannot access the website without confirming his account.
- # config.confirm_within = 2.days
+ # config.allow_unconfirmed_access_for = 2.days
+
+ # If true, requires any email changes to be confirmed (exactly the same way as
+ # initial account confirmation) to be applied. Requires additional unconfirmed_email
+ # db field (see migrations). Until confirmed new email is stored in
+ # unconfirmed email column, and copied to email column on successful confirmation.
+ config.reconfirmable = true
 # Defines which key will be used when confirming an account
 # config.confirmation_keys = [ :email ]
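Review bot: Token authentication still stores the user in the session, because `config.skip_session_storage = [:http_auth]` in the first hunk omits `:token_auth`, while the same commit drops the old `stateless_token` option and keeps the `authentication_token` column in the users migration. If the token is meant as an API credential that must accompany every request, a single token-authenticated request would also establish a session cookie, which may stay valid after the token itself is reset. Whether the model enables token authentication is not visible here; if it does, consider `config.skip_session_storage = [:http_auth, :token_auth]`, which the comment added in this hunk already names.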
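Review bot: `config.reconfirmable = true` in the second hunk is active, although the users migration changed in the same commit leaves every Confirmable column commented out, including `# t.string :unconfirmed_email # Only if using reconfirmable`. While the model does not use `:confirmable` the setting has no effect, but once it is enabled, email changes are likely to fail for lack of the column that the comment added here says is required. Either keep the line commented (`# config.reconfirmable = true`) until Confirmable is adopted, or add `unconfirmed_email` together with the other Confirmable fields in a migration.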
@@ -86,15 +105,12 @@
 # The time the user will be remembered without asking for credentials again.
 # config.remember_for = 2.weeks
- # If true, a valid remember token can be re-used between multiple browsers.
- # config.remember_across_browsers = true
-
 # If true, extends the user's remember period when remembered via cookie.
 # config.extend_remember_period = false
 # Options to be passed to the created cookie. For instance, you can set
 # :secure => true in order to force SSL only cookies.
- # config.cookie_options = {}
+ # config.rememberable_options = {}
 # ==> Configuration for :validatable
 # Range for password length. Default is 6..128.
@@ -109,6 +125,9 @@
 # The time you want to timeout the user session without activity. After this
 # time the user will be asked for credentials again. Default is 30 minutes.
 # config.timeout_in = 30.minutes
+
+ # If true, expires auth token on session timeout.
+ # config.expire_auth_token_on_timeout = false
 # ==> Configuration for :lockable
 # Defines which strategy will be used to lock an account.
@@ -155,10 +174,6 @@
 # Defines name of the authentication token params key
 # config.token_authentication_key = :auth_token
- # If true, authentication through token does not store user in session and needs
- # to be supplied on each request. Useful if you are using the token as API token.
- # config.stateless_token = false
-
 # ==> Scopes configuration
 # Turn scoped views on. Before rendering "sessions/new", it will first check for
 # "users/sessions/new". It's turned off by default because it's slower if you
@@ -169,9 +184,8 @@
 # devise role declared in your routes (usually :user).
 # config.default_scope = :user
- # Configure sign_out behavior.
- # Sign_out action can be scoped (i.e. /users/sign_out affects only :user scope).
- # The default is true, which means any logout action will sign out all active scopes.
+ # Set this configuration to false if you want /users/sign_out to sign out
+ # only the current scope. By default, Devise signs out all scopes.
 # config.sign_out_all_scopes = true
 # ==> Navigation configuration
@@ -182,9 +196,8 @@
 # If you have any extra navigational formats, like :iphone or :mobile, you
 # should add them to the navigational formats lists.
 #
- # The :"*/*" and "*/*" formats below is required to match Internet
- # Explorer requests.
- # config.navigational_formats = [:"*/*", "*/*", :html]
+ # The "*/*" below is required to match Internet Explorer requests.
+ # config.navigational_formats = ["*/*", :html]
 # The default HTTP method used to sign out a resource. Default is :delete.
 config.sign_out_via = :delete
@@ -202,4 +215,18 @@
 # manager.intercept_401 = false
 # manager.default_strategies(:scope => :user).unshift :some_external_strategy
 # end
-end
+
+ # ==> Mountable engine configurations
+ # When using Devise inside an engine, let's call it `MyEngine`, and this engine
+ # is mountable, there are some extra configurations to be taken into account.
+ # The following options are available, assuming the engine is mounted as:
+ #
+ # mount MyEngine, at: "/my_engine"
+ #
+ # The router that invoked `devise_for`, in the example above, would be:
+ # config.router_name = :my_engine
+ #
+ # When using omniauth, Devise cannot automatically set Omniauth path,
+ # so you need to do it manually. For the users scope, it would be:
+ # config.omniauth_path_prefix = "/my_engine/users/auth"
+end
\ No newline at end of file
diff --git a/config/locales/devise.en.yml b/config/locales/devise.en.yml
index 79b3d5e6..ec9a38df 100644
--- a/config/locales/devise.en.yml
+++ b/config/locales/devise.en.yml
@@ -35,13 +35,11 @@ en:
 confirmed: 'Your account was successfully confirmed. You are now signed in.'
 registrations:
 signed_up: 'Welcome! You have signed up successfully.'
- inactive_signed_up: 'You have signed up successfully. However, we could not sign you in because your account is %{reason}.'
 updated: 'You updated your account successfully.'
 destroyed: 'Bye! Your account was successfully cancelled. We hope to see you again soon.'
- reasons:
- inactive: 'inactive'
- unconfirmed: 'unconfirmed'
- locked: 'locked'
+ signed_up_but_unconfirmed: 'A message with a confirmation link has been sent to your email address. Please open the link to activate your account.'
+ signed_up_but_inactive: 'You have signed up successfully. However, we could not sign you in because your account is not yet activated.'
+ signed_up_but_locked: 'You have signed up successfully. However, we could not sign you in because your account is locked.'
 unlocks:
 send_instructions: 'You will receive an email with instructions about how to unlock your account in a few minutes.'
 unlocked: 'Your account was successfully unlocked. You are now signed in.'
diff --git a/db/migrate/20120306154555_devise_create_users.rb b/db/migrate/20120306154555_devise_create_users.rb
index 08dd1fe2..ac6a21d1 100644
--- a/db/migrate/20120306154555_devise_create_users.rb
+++ b/db/migrate/20120306154555_devise_create_users.rb
@@ -1,16 +1,43 @@
 class DeviseCreateUsers < ActiveRecord::Migration
 def change
 create_table(:users) do |t|
- t.database_authenticatable :null => false
- t.recoverable
- t.rememberable
- t.trackable
- t.token_authenticatable
-
- # t.encryptable
- # t.confirmable
- # t.lockable :lock_strategy => :failed_attempts, :unlock_strategy => :both
- # t.token_authenticatable
+ ## Database authenticatable
+ t.string :email, :null => false, :default => ""
+ t.string :encrypted_password, :null => false, :default => ""
+
+ ## Recoverable
+ t.string :reset_password_token
+ t.datetime :reset_password_sent_at
+
+ ## Rememberable
+ t.datetime :remember_created_at
+
+ ## Trackable
+ t.integer :sign_in_count, :default => 0
+ t.datetime :current_sign_in_at
+ t.datetime :last_sign_in_at
+ t.string :current_sign_in_ip
+ t.string :last_sign_in_ip
+
+ ## Encryptable
+ # t.string :password_salt
+
+ ## Confirmable
+ # t.string :confirmation_token
+ # t.datetime :confirmed_at
+ # t.datetime :confirmation_sent_at
+ # t.string :unconfirmed_email # Only if using reconfirmable
+
+ ## Lockable
+ # t.integer :failed_attempts, :default => 0 # Only if lock strategy is :failed_attempts
+ # t.string :unlock_token # Only if unlock strategy is :email or :both
+ # t.datetime :locked_at
+
+ # Token authenticatable
+ t.string :authentication_token
+
+ ## Invitable
+ # t.string :invitation_token
 t.text :first_name
 t.text :last_name