Update Devise configuration after update to 3.5.1

The most notable change is the reduction of the maximum length of the passwords. See Devise's CHANGELOG.md for more information: https://github.com/plataformatec/devise/blob/master/CHANGELOG.md#351---2015-05-24
2015-05-30 14:37:16 +03:00 · 2015-05-30 14:37:16 +03:00 · 83c6b12d8b
parent dfb2d1e793
commit 83c6b12d8b
1 changed files with 19 additions and 10 deletions
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@ -4,6 +4,8 @@ Devise.setup do |config|
  # The secret key used by Devise. Devise uses this key to generate
  # random tokens. Changing this key will render invalid all existing
  # confirmation, reset password and unlock tokens in the database.
+  # Devise will use the `secret_key_base` on Rails 4+ applications as its `secret_key`
+  # by default. You can change it below and use your own secret key.
  # config.secret_key = 'generate with `rake secret`'

  # ==> Mailer Configuration
@ -61,7 +63,7 @@ Devise.setup do |config|
  # :database      = Support basic authentication with authentication key + password
  # config.http_authenticatable = false

-  # If http headers should be returned for AJAX requests. True by default.
+  # If 401 status code should be returned for AJAX requests. True by default.
  # config.http_authenticatable_on_xhr = true

  # The realm used in Http Basic Authentication. 'Application' by default.
@ -128,6 +130,9 @@ Devise.setup do |config|
  # The time the user will be remembered without asking for credentials again.
  # config.remember_for = 2.weeks

+  # Invalidates all the remember me tokens when the user signs out.
+  config.expire_all_remember_me_on_sign_out = true
+
  # If true, extends the user's remember period when remembered via cookie.
  # config.extend_remember_period = false

@ -137,7 +142,7 @@ Devise.setup do |config|

  # ==> Configuration for :validatable
  # Range for password length.
-  config.password_length = 8..128
+  config.password_length = 8..72

  # Email regex used to validate email formats. It simply asserts that
  # one (and only one) @ exists in the given string. This is mainly
@ -176,7 +181,7 @@ Devise.setup do |config|
  # config.unlock_in = 1.hour

  # Warn on the last attempt before the account is locked.
-  # config.last_attempt_warning = false
+  # config.last_attempt_warning = true

  # ==> Configuration for :recoverable
  #
@ -188,6 +193,10 @@ Devise.setup do |config|
  # change their passwords.
  config.reset_password_within = 6.hours

+  # When set to false, does not sign a user in automatically after their password is
+  # reset. Defaults to true, so a user is signed in automatically after a reset.
+  # config.sign_in_after_reset_password = true
+
  # ==> Configuration for :encryptable
  # Allow you to use another encryption algorithm besides bcrypt (default). You can use
  # :sha1, :sha512 or encryptors from others authentication tools as :clearance_sha1,
@ -250,7 +259,7 @@ Devise.setup do |config|
  # The router that invoked `devise_for`, in the example above, would be:
  # config.router_name = :my_engine
  #
-  # When using omniauth, Devise cannot automatically set Omniauth path,
+  # When using OmniAuth, Devise cannot automatically set OmniAuth path,
  # so you need to do it manually. For the users scope, it would be:
  # config.omniauth_path_prefix = '/my_engine/users/auth'
 end