It turned out that Digest::SHA1 and SecureRandom.hex returns a US-ASCII string. We should cast it to UTF-8 to avoid problem with Sqlite3
…dom (now just SecureRandom)
…unnecessary and causes a small performance problem on some apps. Resolves #148
… hashing methods.
…because it will force downcasing
allow old users to sign in by reseting their password. This initializes their salt, generates a remember token, and encrypts their password for the first time.
…he conditional is implied
… a security hole for people who forget to use attr_accessible, can be handled by a rake task
* Improved and fixed test case that ensures different remember tokens for users created at the same time with the same password. * With remember_token generation occuring at creation now, the old test case was no longer valid.
* Allows for the same user to sign in from two locations at once * Added support for setting User#remember_token on creation * Addresses this thread: http://groups.google.com/group/thoughtbot-clearance/browse_thread/thread/d071ae84573e40ff
…enerate_confirmation_token to before_create
this does not belong in an authentication library. the application developer should decide whether they want to use attr_accessible
…? and forget_me! user instance methods
…ken, & remember_token_expires_at
…ations & not have to copy over attr_accessor, attr_accessible, & callbacks.