Add expiring, databaseless password reset tokens #682
Commits on May 13, 2016
Commit 10003db
Stop supporting older versions of Ruby and Rails
- Remove support for Ruby 1.9, 2.0, and 2.1
- Remove support for Rails 3.1, 3.2, 4.0, and 4.1
Commit b10a63f
Commit 6dd080f
Use flash alerts rather than notices
These messages are used to tell users they can't access a page without signing in, that their password is incorrect, etc. These are much closer to error or alert states than notice.
Commit 5263be0
Commit c6f251b
`PasswordsController#url_after_create` was never called by our code.
Commit f30b60d
Commit 9ae46df
Commit 3313a7e
Remove conditionals for older versions of Rails
These `respond_to` checks were added to support changing Rails API as new versions of Rails were released. Now that we support 4.2 or newer, we don't need them.
Commit 0fb0696
* Remove deprecated parameter handling
* Order actions more logically
* Update to double quotes
Commit 64047ca
Commits on May 20, 2016
Add expiring, databaseless password reset tokens
It is a best security practice for password reset tokens to expire after some amount of time. In Clearance 1.x, this was not the case. A password reset email could be used months after it was originally sent so long as no other password reset was ever completed.

In this change, password resets expire after 15 minutes (configurable) or after the user successfully changes their password in any manner (whichever comes first).

The token, confusingly called `confirmation_token`, is no longer stored in the database. Instead, we use `ActiveSupport::MessageVerifier` to sign the token and validate it when it is used. The message verifier is configurable in case developers want to use something else.

In a future refactoring, I'd like to introduce a layer between Clearance and `ActiveSupport::MessageVerifier` to make the API a bit more pleasant to use, but this is an exercise for a future PR. For instance, I'd prefer that the Clearance abstraction generate and validate tokens only by taking a user object (and using the Clearance configuration).
Commit 13b31ac
This cleans up some of the duplication of knowledge for how password reset tokens are generated and allows us to move tests for the various ways a reset token can be invalid into unit tests.
Commit c3426a2
Use digested encrypted password in reset tokens
We were previously using the encrypted password as part of the signed password reset token. Theoretically, emailing this token out could expose the encrypted password to some adversary who would then be able to do offline attacks against it. This would likely not be very successful, but in an abundance of caution, this change exposes an MD5'd version of the encrypted password instead.
Commit b88990c
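The design the two May 20 commit messages describe (a signed, expiring reset token that is never stored in the database and that embeds a digest of the encrypted password, so a completed password change invalidates it), as an added example that is not Clearance's own code. It substitutes a small HMAC-SHA256 signer from Ruby's standard library for `ActiveSupport::MessageVerifier`; the `User` struct, the secret and the timestamps are constructed stand-ins.

```ruby
require "openssl"
require "digest"
require "json"
User = Struct.new(:id, :encrypted_password) # constructed stand-in for Clearance's user model

# Stand-in for ActiveSupport::MessageVerifier: HMAC-SHA256 over a base64 JSON payload.
class ResetTokenVerifier
  TOKEN_TTL = 15 * 60 # 15 minutes, the default the PR describes

  def initialize(secret)
    @secret = secret
  end

  # The payload binds the token to a user, a deadline and an MD5 of the current
  # encrypted password, so the token stops working once the password changes.
  def generate(user, now: Time.now.to_i)
    payload = JSON.generate(
      "id" => user.id,
      "exp" => now + TOKEN_TTL,
      "pw" => Digest::MD5.hexdigest(user.encrypted_password)
    )
    encoded = [payload].pack("m0")
    "#{encoded}--#{sign(encoded)}"
  end

  # Returns the user id when the token is authentic, unexpired and still matches
  # the user's current encrypted password; nil otherwise.
  def verify(token, user, now: Time.now.to_i)
    encoded, sig = token.to_s.split("--", 2)
    return nil unless encoded && sig && secure_equal?(sign(encoded), sig)
    data = JSON.parse(encoded.unpack1("m0"))
    return nil unless data["id"] == user.id && data["exp"] > now
    return nil unless data["pw"] == Digest::MD5.hexdigest(user.encrypted_password)
    user.id
  rescue ArgumentError, JSON::ParserError
    nil
  end

  private

  def sign(str)
    OpenSSL::HMAC.hexdigest("SHA256", @secret, str)
  end

  def secure_equal?(a, b) # constant-time compare, done before any payload is parsed
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

A token is rejected on any of four grounds: bad signature, wrong user, past the 15-minute deadline, or an encrypted password that no longer matches the digest signed into it.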