consul/grecia
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Base Devise initializer on the latest version

Browse Source 
We haven't updated this initializer for years, so here's the updated
version. The `expire_auth_token_on_timeout` doesn't seem to exist
anymore, and a few more options have been added.

Note that the default Devise initializer configures
`config.responder.error_status` and `config.responder.redirect_status`
so they follow Hotwire/Turbo conventions. For now, I'm commenting these
lines because we currently don't use Hotwire/Turbo.
This commit is contained in:
Javi Martín
2024-03-19 22:04:42 +01:00
parent 965283d81d
commit 8d2c2c473e
1 changed files with 54 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

71
config/initializers/devise.rb
View File

@@ -6,10 +6,14 @@ Devise.setup do |config|
# The secret key used by Devise. Devise uses this key to generate # The secret key used by Devise. Devise uses this key to generate
# random tokens. Changing this key will render invalid all existing # random tokens. Changing this key will render invalid all existing
# confirmation, reset password and unlock tokens in the database. # confirmation, reset password and unlock tokens in the database.
# Devise will use the `secret_key_base` on Rails 4+ applications as its `secret_key` # Devise will use the `secret_key_base` as its `secret_key`
# by default. You can change it below and use your own secret key. # by default. You can change it below and use your own secret key.
config.secret_key = Rails.application.secrets.secret_key_base config.secret_key = Rails.application.secrets.secret_key_base
# ==> Controller configuration
# Configure the parent class to the devise controllers.
# config.parent_controller = 'DeviseController'
# ==> Mailer Configuration # ==> Mailer Configuration
# Configure the e-mail address which will be shown in Devise::Mailer, # Configure the e-mail address which will be shown in Devise::Mailer,
# note that it will be overwritten if you use your own mailer class # note that it will be overwritten if you use your own mailer class
@@ -65,7 +69,10 @@ Devise.setup do |config|
# Tell if authentication through HTTP Auth is enabled. False by default. # Tell if authentication through HTTP Auth is enabled. False by default.
# It can be set to an array that will enable http authentication only for the # It can be set to an array that will enable http authentication only for the
# given strategies, for example, `config.http_authenticatable = [:database]` will # given strategies, for example, `config.http_authenticatable = [:database]` will
# enable it only for database authentication. The supported strategies are: # enable it only for database authentication.
# For API-only applications to support authentication "out-of-the-box", you will likely want to
# enable this with :database unless you are using a custom strategy.
# The supported strategies are:
# :database = Support basic authentication with authentication key + password # :database = Support basic authentication with authentication key + password
# config.http_authenticatable = false # config.http_authenticatable = false
@@ -93,26 +100,44 @@ Devise.setup do |config|
# from the server. You can disable this option at your own risk. # from the server. You can disable this option at your own risk.
# config.clean_up_csrf_token_on_authentication = true # config.clean_up_csrf_token_on_authentication = true
# When false, Devise will not attempt to reload routes on eager load.
# This can reduce the time taken to boot the app but if your application
# requires the Devise mappings to be loaded during boot time the application
# won't boot properly.
# config.reload_routes = true
# ==> Configuration for :database_authenticatable # ==> Configuration for :database_authenticatable
# For bcrypt, this is the cost for hashing the password and defaults to 10. If # For bcrypt, this is the cost for hashing the password and defaults to 12. If
# using other encryptors, it sets how many times you want the password re-encrypted. # using other algorithms, it sets how many times you want the password to be hashed.
# The number of stretches used for generating the hashed password are stored
# with the hashed password. This allows you to change the stretches without
# invalidating existing passwords.
# #
# Limiting the stretches to just one in testing will increase the performance of # Limiting the stretches to just one in testing will increase the performance of
# your test suite dramatically. However, it is STRONGLY RECOMMENDED to not use # your test suite dramatically. However, it is STRONGLY RECOMMENDED to not use
# a value less than 10 in other environments. Note that, for bcrypt (the default # a value less than 10 in other environments. Note that, for bcrypt (the default
# encryptor), the cost increases exponentially with the number of stretches (e.g. # algorithm), the cost increases exponentially with the number of stretches (e.g.
# a value of 20 is already extremely slow: approx. 60 seconds for 1 calculation). # a value of 20 is already extremely slow: approx. 60 seconds for 1 calculation).
config.stretches = Rails.env.test? ? 1 : 10 config.stretches = Rails.env.test? ? 1 : 10
# Setup a pepper to generate the encrypted password. # Setup a pepper to generate the encrypted password.
# config.pepper = '43d5d80fc0a95d9aa618ca138b747b1d7623020544249e2672bf3a19846fa47baa29117cba30c9edcd3fcd10d379cd65c485a3f931a7a19efb3a794796828432' # config.pepper = '43d5d80fc0a95d9aa618ca138b747b1d7623020544249e2672bf3a19846fa47baa29117cba30c9edcd3fcd10d379cd65c485a3f931a7a19efb3a794796828432'
# Send a notification to the original email when the user's email is changed.
# config.send_email_changed_notification = false
# Send a notification email when the user's password is changed.
# config.send_password_change_notification = false
# ==> Configuration for :confirmable # ==> Configuration for :confirmable
# A period that the user is allowed to access the website even without # A period that the user is allowed to access the website even without
# confirming their account. For instance, if set to 2.days, the user will be # confirming their account. For instance, if set to 2.days, the user will be
# able to access the website for two days without confirming their account, # able to access the website for two days without confirming their account,
# access will be blocked just in the third day. Default is 0.days, meaning # access will be blocked just in the third day.
# the user cannot access the website without confirming their account. # You can also set it to nil, which will allow the user to access the website
# without confirming their account.
# Default is 0.days, meaning the user cannot access the website without
# confirming their account.
# config.allow_unconfirmed_access_for = 2.days # config.allow_unconfirmed_access_for = 2.days
# A period that the user is allowed to confirm their account before their # A period that the user is allowed to confirm their account before their
@@ -153,16 +178,13 @@ Devise.setup do |config|
# Email regex used to validate email formats. It simply asserts that # Email regex used to validate email formats. It simply asserts that
# one (and only one) @ exists in the given string. This is mainly # one (and only one) @ exists in the given string. This is mainly
# to give user feedback and not to assert the e-mail validity. # to give user feedback and not to assert the e-mail validity.
# config.email_regexp = /\A[^@]+@[^@]+\z/ # config.email_regexp = /\A[^@\s]+@[^@\s]+\z/
# ==> Configuration for :timeoutable # ==> Configuration for :timeoutable
# The time you want to timeout the user session without activity. After this # The time you want to timeout the user session without activity. After this
# time the user will be asked for credentials again. Default is 30 minutes. # time the user will be asked for credentials again. Default is 30 minutes.
# config.timeout_in = 30.minutes # config.timeout_in = 30.minutes
# If true, expires auth token on session timeout.
# config.expire_auth_token_on_timeout = false
# ==> Configuration for :lockable # ==> Configuration for :lockable
# Defines which strategy will be used to lock an account. # Defines which strategy will be used to lock an account.
# :failed_attempts = Locks an account after a number of failed attempts to sign in. # :failed_attempts = Locks an account after a number of failed attempts to sign in.
@@ -204,11 +226,11 @@ Devise.setup do |config|
# config.sign_in_after_reset_password = true # config.sign_in_after_reset_password = true
# ==> Configuration for :encryptable # ==> Configuration for :encryptable
# Allow you to use another encryption algorithm besides bcrypt (default). You can use # Allow you to use another hashing or encryption algorithm besides bcrypt (default).
# :sha1, :sha512 or encryptors from others authentication tools as :clearance_sha1, # You can use :sha1, :sha512 or algorithms from others authentication tools as
# :authlogic_sha512 (then you should set stretches above to 20 for default behavior) # :clearance_sha1, :authlogic_sha512 (then you should set stretches above to 20
# and :restful_authentication_sha1 (then you should set stretches to 10, and copy # for default behavior) and :restful_authentication_sha1 (then you should set
# REST_AUTH_SITE_KEY to pepper). # stretches to 10, and copy REST_AUTH_SITE_KEY to pepper).
# #
# Require the `devise-encryptable` gem when using anything other than bcrypt # Require the `devise-encryptable` gem when using anything other than bcrypt
# config.encryptor = :sha512 # config.encryptor = :sha512
@@ -229,7 +251,7 @@ Devise.setup do |config|
# ==> Navigation configuration # ==> Navigation configuration
# Lists the formats that should be treated as navigational. Formats like # Lists the formats that should be treated as navigational. Formats like
# :html, should redirect to the sign in page when the user does not have # :html should redirect to the sign in page when the user does not have
# access, but formats like :xml or :json, should return 401. # access, but formats like :xml or :json, should return 401.
# #
# If you have any extra navigational formats, like :iphone or :mobile, you # If you have any extra navigational formats, like :iphone or :mobile, you
@@ -288,6 +310,21 @@ Devise.setup do |config|
# When using OmniAuth, Devise cannot automatically set OmniAuth path, # When using OmniAuth, Devise cannot automatically set OmniAuth path,
# so you need to do it manually. For the users scope, it would be: # so you need to do it manually. For the users scope, it would be:
# config.omniauth_path_prefix = '/my_engine/users/auth' # config.omniauth_path_prefix = '/my_engine/users/auth'
# ==> Hotwire/Turbo configuration
# When using Devise with Hotwire/Turbo, the http status for error responses
# and some redirects must match the following. The default in Devise for existing
# apps is `200 OK` and `302 Found` respectively, but new apps are generated with
# these new defaults that match Hotwire/Turbo behavior.
# Note: These might become the new default in future versions of Devise.
# config.responder.error_status = :unprocessable_entity
# config.responder.redirect_status = :see_other
# ==> Configuration for :registerable
# When set to false, does not sign a user in automatically after their password is
# changed. Defaults to true, so a user is signed in automatically after changing a password.
# config.sign_in_after_change_password = true
end end
Rails.application.config.to_prepare do Rails.application.config.to_prepare do