# Internal Changes to code

As always, this is just a copy-and-pasted version of the CHANGELOG file in the source code tree.

## Changes for the May, 2008 version of restful-authentication

### Changes to user model

* recently_activated? belongs only if stateful
* Gave migration a 40-char limit on remember_token & an index on users by login
* **Much** stricter login and email validation
* put length constraints in migration too
* password length within 6..40
* salt and remember_token are now much less predictable

### Changes to session_controller

* use uniform logout function
* use uniform remember_cookie functions
* avoid calling logged_in?, which will auto-log-you-in (safe in the face of a logout! call, but idiot-proof)
* Moved reset_session into only the "now logged in" branch
  * wherever it goes, it has to be in front of the current_user= call
  * See more in README-Tradeoffs.txt
* made a place to take action on failed login attempt
* recycle login and remember_me setting on failed login
* nil'ed out the password field in 'new' view

### Changes to users_controller

* use uniform logout function
* use uniform remember_cookie functions
* Moved reset_session into only the "now logged in" branch
  * wherever it goes, it has to be in front of the current_user= call
  * See more in README-Tradeoffs.txt
* made the implicit login only happen for sites without activation
* On a failed signup, kick you back to the signin screen (but strip out the password & confirmation)
* more descriptive error messages in activate()

### users_helper

* link_to_user, link_to_current_user, link_to_signin_with_IP
* if_authorized(action, resource, &block) view function (with appropriate warning)

### authenticated_system

* Made authorized? take optional arguments action=nil, resource=nil, *args.
  This makes its signature better match traditional approaches to access control, e.g. the Reference Monitor in [Security Patterns](http://www.securitypatterns.org/patterns.html).
* authorized? should be a helper too
* added uniform logout! methods
* format.any (as found in access_denied) doesn't work until http://dev.rubyonrails.org/changeset/8987 lands.
* cookies are now refreshed each time we cross the logged out/in barrier, as [best](http://palisade.plynt.com/issues/2004Jul/safe-auth-practices/) [practice](http://www.owasp.org/index.php/Session_Management#Regeneration_of_Session_Tokens)

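The three session-handling points above (reset_session before current_user=, a uniform logout!, and the remember cookie refreshed at the logged-out/in barrier, plus the 40-char random remember_token from the user-model section) as one added plain-Ruby example; this is not the plugin's own code. FakeSession and Auth are stand-ins for the Rails session and the session controller, and the cookie is a plain hash.

```ruby
require 'securerandom'

# Stand-in for a Rails session: an id plus a hash of data.
class FakeSession
  attr_reader :id, :data
  def initialize; reset; end
  # reset_session semantics: fresh id, previous data discarded
  def reset; @id = SecureRandom.hex(16); @data = {}; end
end

User = Struct.new(:id, :remember_token) do
  # 40-char random token, fitting the 40-char remember_token column
  def remember_me!; self.remember_token = SecureRandom.hex(20); end
  def forget_me!;   self.remember_token = nil; end
end

# Stand-in for session_controller / authenticated_system helpers.
class Auth
  attr_reader :session, :cookies
  def initialize; @session = FakeSession.new; @cookies = {}; end

  def current_user=(user); @session.data[:user_id] = user && user.id; end
  def logged_in?; !@session.data[:user_id].nil?; end

  # Login in the order the changelog requires: reset_session, *then* current_user=.
  # Returns the pre-login session id so a caller can confirm it was discarded.
  def login!(user)
    old_id = @session.id
    @session.reset                               # pre-auth id no longer valid
    self.current_user = user                     # must come after the reset
    user.remember_me!
    @cookies[:auth_token] = user.remember_token  # remember cookie refreshed
    old_id
  end

  # Wrong order, kept for contrast: the reset wipes the login just made.
  def login_wrong_order!(user)
    self.current_user = user
    @session.reset
  end

  # Uniform logout!: forget the token, drop the cookie, regenerate the session.
  def logout!(user)
    user.forget_me!
    @cookies.delete(:auth_token)
    @session.reset
  end
end
```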
### Other

* Used escapes `<%= %>` in email templates (among other reasons, so courtenay's ["'dumbass' test"](http://tinyurl.com/684g9t) doesn't complain)
* Added site key to generator, users.yml.
* Made site key generation idempotent in the most crude and hackish way
* 100% coverage apart from the stateful code. (needed some access_control checks, and the http_auth stuff)
* Stories!