  • enhancements

    • Rails 3 compatibility.

    • All controllers and views are namespaced, for example: Devise::SessionsController and “devise/sessions”.

    • Devise.orm is deprecated. This reduces the required API to hook your ORM with devise.

    • Use metal for failure app.

    • HTML e-mails now have proper formatting.

    • Do not remove options from Datamapper and MongoMapper in find.

    • Allow :skip and :controllers to be given in routes.

    • Move trackable logic to the model.

    • E-mails now use any template available in the filesystem. Easy to create multipart e-mails.

    • E-mails ask headers_for in the model to set the proper headers.

    • Allow haml to be specified in devise_views.

    • Compatibility with Datamapper and Mongoid.

    • Make config.devise available on config/application.rb.

    • TokenAuthenticatable now works with HTTP Basic Auth.

    • Allow :unlock_strategy to be :none and add :lock_strategy, which can be :failed_attempts or :none. Setting those values to :none means that you want to handle locking and unlocking yourself.

    • No need to append ?unauthenticated=true in URLs anymore since Flash was moved to a middleware in Rails 3.

    • :activatable is included by default in your models.

  • bug fix

    • fix a bug with STI

  • deprecations

    • Rails 3 compatible only.

    • Scoped views are no longer “sessions/users/new”. Now use “users/sessions/new”.

    • Devise.orm is deprecated, just require "devise/orm/YOUR_ORM" instead.

    • Devise.default_url_options is deprecated, just modify ApplicationController.default_url_options.

    • All messages under devise.sessions, except :signed_in and :signed_out, should be moved to devise.failure.

    • :as and :scope in routes are deprecated. Use :path and :singular instead.


  • bug fix

    • Do not allow unlockable strategies based on time to access a controller.

    • Do not send unlockable email several times.

    • Allow controller to upstream custom! failures to Warden.


  • bug fix

    • Use prepend_before_filter in require_no_authentication.

    • require_no_authentication on unlockable.

    • Fix a bug when giving an association proxy to devise.

    • Do not use lock! on lockable since it's part of ActiveRecord API.


  • bug fix

    • Fixed a bug when deleting an account with rememberable

    • Fixed a bug with custom controllers


  • enhancements

    • HTML e-mails now have proper formatting

    • Do not remove MongoMapper options in find


  • enhancements

    • Allows you to set mailer content type

  • bug fix

    • Uses the same content type as request on http authenticatable 401 responses


  • enhancements

    • HttpAuthenticatable is not added by default automatically.

    • Avoid mass assignment error messages with current password.

  • bug fix

    • Fixed encryptors autoload


  • deprecation

    • :old_password in update_with_password is deprecated, use :current_password instead

  • enhancements

    • Added Registerable

    • Added Http Basic Authentication support

    • Allow scoped_views to be customized per controller/mailer class

    • #99

      Allow authenticatable to be used in change_table statements


  • bug fix

    • Ensure inactive user cannot sign in

    • Ensure redirect to proper url after sign up

  • enhancements

    • Added gemspec to repo

    • Added token authenticatable


  • bug fix

    • Allow bigger salt size

    • Fix relative url root


  • deprecation

    • devise :all is deprecated

    • :success and :failure flash messages are now :notice and :alert

  • enhancements

    • Added devise lockable

    • Warden 0.9.0 compatibility

    • Mongomapper 0.6.10 compatibility

    • Added Devise.add_module as hooks for extensions

    • Ruby 1.9.1 compatibility

  • bug fix

    • Accept path prefix not starting with slash

    • url helpers should rely on find_scope!


  • enhancements

    • Allow Devise.mailer_sender to be a proc

  • bug fix

    • Fix bug with Passenger; update is required for anyone deploying on Passenger


  • enhancements

    • Move salt to encryptors

    • Devise::Lockable

    • Moved view links into partial and I18n'ed them

  • bug fix

    • Bcrypt generator was neither being loaded nor setting the proper salt


  • enhancements

    • Warden 0.8.0 compatibility

    • Add an easy way for map.connect "sign_in", :controller => "sessions", :action => "new" to work

    • Added :bcrypt encryptor

  • bug fix

    • sign_in_count is also increased when user signs in via password change, confirmation, etc.

    • More DataMapper compatibility

  • deprecation

    • Removed DeviseMailer.sender


  • enhancements

    • Set a default value for mailer to avoid find_template issues

    • Add models configuration to MongoMapper::EmbeddedDocument as well


  • enhancements

    • Extract Activatable from Confirmable

    • Decouple Serializers from Devise modules


  • bug fix

    • Give scope to the proper model validation

  • enhancements

    • Mail views are scoped as well

    • Added update_with_password for authenticatable

    • Allow render_with_scope to accept :controller option


  • deprecation

    • Renamed reset_confirmation! to resend_confirmation!

    • Copying locale is part of the installation process

  • bug fix

    • Fixed render_with_scope to work with all controllers

    • Allow sign in with two different users in Devise::TestHelpers


  • enhancements

    • Small enhancements for other plugins compatibility


  • deprecations

    • :authenticatable is not included by default anymore

  • enhancements

    • Improve loading process

    • Extract SessionSerializer from Authenticatable


  • bug fix

    • Added trackable to migrations

    • Allow inflections to work


  • enhancements

    • More DataMapper compatibility

    • Devise::Trackable - track sign in count, timestamps and ips


  • enhancements

    • Devise::Timeoutable - timeout sessions without activity

    • DataMapper now accepts conditions


  • deprecations

    • :authenticatable is still included by default, but yields a deprecation warning

  • enhancements

    • Added DataMapper support

    • Remove store_location from authenticatable strategy and add it to failure app

    • Allow a strategy to be placed after authenticatable

    • #45

      Do not rely on attribute? methods, since they are not added on Datamapper


  • enhancements

    • #42

      Do not send nil to build (DataMapper compatibility)

    • #44

      Allow to have scoped views


  • enhancements

    • Allow overwriting find for authentication method

    • #38

      Remove Ruby 1.8.7 dependency


  • deprecations

    • Deprecate :singular in devise_for and use :scope instead

  • enhancements

    • #37

      Create after_sign_in_path_for and after_sign_out_path_for hooks to be overwritten in ApplicationController

    • Create sign_in_and_redirect and sign_out_and_redirect helpers

    • Warden::Manager.default_scope is automatically configured to the first given scope


  • bug fix

    • MongoMapper now converts DateTime to Time

    • Ensure all controllers are unloadable

  • enhancements

    • #35

      Moved friendly_token to Devise

    • Added Devise.all, so you can freeze your app strategies

    • Added Devise.apply_schema, so you can turn it to false in Datamapper or MongoMapper in cases you don't want it to be handled automatically


  • enhancements

    • #28

      Improved sign_in and sign_out helpers to accept resources

    • #28

      Added stored_location_for as a helper

    • #20

      Added test helpers


  • enhancements

    • Added serializers based on Warden ones

    • Allow authentication keys to be set


  • bug fix

    • Fixed a bug where remember me module was not working properly

  • enhancements

    • Moved encryption strategy into the Encryptors module to allow several algorithms

    • Implemented encryptors for Clearance, Authlogic and Restful-Authentication

    • Added support for MongoMapper


  • bug fix

    • #29

      Authentication just fails if user cannot be serialized from session, without raising errors;

    • Default configuration values should not overwrite user values;


  • deprecations

    • Renamed mail_sender to mailer_sender

  • enhancements

    • skip_before_filter added in Devise controllers

    • Use home_or_root_path on require_no_authentication as well

    • Added devise_controller?, useful to select or reject filters in ApplicationController

    • Allow :path_prefix to be given to devise_for

    • Allow default_url_options to be configured through devise (:path_prefix => "/:locale" is now supported)


  • bug fix

    • #21

      Ensure options can be set even if models were not loaded


  • deprecations

    • Notifier is deprecated, use DeviseMailer instead. Remember to rename app/views/notifier to app/views/devise_mailer and I18n key from devise.notifier to devise.mailer

    • :authenticable calls are deprecated, use :authenticatable instead

  • enhancements

    • #16

      Allow devise to be more agnostic and do not require ActiveRecord to be loaded

    • Allow Warden::Manager to be configured through Devise

    • Created a generator which creates an initializer


  • bug fix

    • #15

      Allow yml messages to be configured by not using engine locales

  • deprecations

    • Renamed confirm_in to confirm_within

    • #14

      Do not send confirmation messages when user changes his e-mail

    • #13

      Renamed authenticable to authenticatable and added deprecation warnings


  • enhancements

    • Ensure fail! works inside strategies

    • #12

      Make unauthenticated message (when you haven't signed in) different from invalid message

  • bug fix

    • Do not redirect on invalid authenticate

    • Allow model configuration to be set to nil


  • bug fix

    • #9

      Fix a bug when using customized resources


  • refactor

    • Clean devise_views generator to use devise existing views

  • enhancements

    • #7

      Create instance variables (like @user) for each devise controller

    • Use Devise::Controller::Helpers only internally

  • bug fix

    • #6

      Fix a bug with Mongrel and Ruby 1.8.6


  • enhancements

    • #4

      Allow option :null => true in authenticable migration

    • #3

      Remove attr_accessible calls from devise modules

    • Customizable time frame for rememberable with :remember_for config

    • Customizable time frame for confirmable with :confirm_in config

    • Generators for creating a resource and copy views

  • optimize

    • Do not load hooks or strategies if they are not used

  • bug fixes

    • #2

      Fixed requiring devise strategies


  • bug fixes

    • #1

      Fixed requiring devise mapping


  • Devise::Authenticable

  • Devise::Confirmable

  • Devise::Recoverable

  • Devise::Validatable

  • Devise::Migratable

  • Devise::Rememberable

  • SessionsController

  • PasswordsController

  • ConfirmationsController

  • Create an example app

  • devise :all, :except => :rememberable

  • Use sign_in and sign_out in SessionsController

  • Mailer subjects namespaced by model

  • Allow stretches and pepper per model

  • Store session in session

  • Sign user in automatically after confirming or changing its password