Update Devise configuration after update to 3.5.1

The most notable change is the reduction of the maximum length of the passwords. See Devise's CHANGELOG.md for more information: https://github.com/plataformatec/devise/blob/master/CHANGELOG.md#351---2015-05-24
2015-05-30 14:37:16 +03:00 · 2015-05-30 14:37:16 +03:00 · 83c6b12d8b
parent dfb2d1e793
commit 83c6b12d8b
1 changed files with 19 additions and 10 deletions
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@ -4,6 +4,8 @@ Devise.setup do |config|
  # The secret key used by Devise. Devise uses this key to generate
  # random tokens. Changing this key will render invalid all existing
  # confirmation, reset password and unlock tokens in the database.
+  # Devise will use the `secret_key_base` on Rails 4+ applications as its `secret_key`
+  # by default. You can change it below and use your own secret key.
  # config.secret_key = 'generate with `rake secret`'

  # ==> Mailer Configuration
@ -29,7 +31,7 @@ Devise.setup do |config|
  # session. If you need permissions, you should implement that in a before filter.
  # You can also supply a hash where the value is a boolean determining whether
  # or not authentication should be aborted when the value is not present.
-  # config.authentication_keys = [ :email ]
+  # config.authentication_keys = [:email]

  # Configure parameters from the request object used for authentication. Each entry
  # given should be a request method and it will automatically be passed to the
@ -41,12 +43,12 @@ Devise.setup do |config|
  # Configure which authentication keys should be case-insensitive.
  # These keys will be downcased upon creating or modifying a user and when used
  # to authenticate or find a user. Default is :email.
-  config.case_insensitive_keys = [ :email ]
+  config.case_insensitive_keys = [:email]

  # Configure which authentication keys should have whitespace stripped.
  # These keys will have whitespace before and after removed upon creating or
  # modifying a user and when used to authenticate or find a user. Default is :email.
-  config.strip_whitespace_keys = [ :email ]
+  config.strip_whitespace_keys = [:email]

  # Tell if authentication through request.params is enabled. True by default.
  # It can be set to an array that will enable params authentication only for the
@ -61,7 +63,7 @@ Devise.setup do |config|
  # :database      = Support basic authentication with authentication key + password
  # config.http_authenticatable = false

-  # If http headers should be returned for AJAX requests. True by default.
+  # If 401 status code should be returned for AJAX requests. True by default.
  # config.http_authenticatable_on_xhr = true

  # The realm used in Http Basic Authentication. 'Application' by default.
@ -122,12 +124,15 @@ Devise.setup do |config|
  config.reconfirmable = true

  # Defines which key will be used when confirming an account
-  # config.confirmation_keys = [ :email ]
+  # config.confirmation_keys = [:email]

  # ==> Configuration for :rememberable
  # The time the user will be remembered without asking for credentials again.
  # config.remember_for = 2.weeks

+  # Invalidates all the remember me tokens when the user signs out.
+  config.expire_all_remember_me_on_sign_out = true
+
  # If true, extends the user's remember period when remembered via cookie.
  # config.extend_remember_period = false

@ -137,7 +142,7 @@ Devise.setup do |config|

  # ==> Configuration for :validatable
  # Range for password length.
-  config.password_length = 8..128
+  config.password_length = 8..72

  # Email regex used to validate email formats. It simply asserts that
  # one (and only one) @ exists in the given string. This is mainly
@ -159,7 +164,7 @@ Devise.setup do |config|
  # config.lock_strategy = :failed_attempts

  # Defines which key will be used when locking and unlocking an account
-  # config.unlock_keys = [ :email ]
+  # config.unlock_keys = [:email]

  # Defines which strategy will be used to unlock an account.
  # :email = Sends an unlock link to the user email
@ -176,18 +181,22 @@ Devise.setup do |config|
  # config.unlock_in = 1.hour

  # Warn on the last attempt before the account is locked.
-  # config.last_attempt_warning = false
+  # config.last_attempt_warning = true

  # ==> Configuration for :recoverable
  #
  # Defines which key will be used when recovering the password for an account
-  # config.reset_password_keys = [ :email ]
+  # config.reset_password_keys = [:email]

  # Time interval you can reset your password with a reset password key.
  # Don't put a too small interval or your users won't have the time to
  # change their passwords.
  config.reset_password_within = 6.hours

+  # When set to false, does not sign a user in automatically after their password is
+  # reset. Defaults to true, so a user is signed in automatically after a reset.
+  # config.sign_in_after_reset_password = true
+
  # ==> Configuration for :encryptable
  # Allow you to use another encryption algorithm besides bcrypt (default). You can use
  # :sha1, :sha512 or encryptors from others authentication tools as :clearance_sha1,
@ -250,7 +259,7 @@ Devise.setup do |config|
  # The router that invoked `devise_for`, in the example above, would be:
  # config.router_name = :my_engine
  #
-  # When using omniauth, Devise cannot automatically set Omniauth path,
+  # When using OmniAuth, Devise cannot automatically set OmniAuth path,
  # so you need to do it manually. For the users scope, it would be:
  # config.omniauth_path_prefix = '/my_engine/users/auth'
 end