Devise is one of those gems that are tightly bound to the Rails stack. It means that as long as you follow the “Rails way” and you do things the recommended way, you should not have any problems. However, Trailblazer is not the recommended way, and the way it works does not always make it painless […]
Category Archives: devise
Ruby on Rails: Migrating to Devise from your own authentication engine – Using custom Encryptors
Having your own authentication engine can be fun. You get to know how things work, why you should use salt, pepper, SHA2 instead of MD5 and much more. It also allows you to work with many old systems built before anyone heard about Devise. Still, I must say, that in old, maintained systems, sometimes it […]
Tips for keeping your Open Source Software issues tracker tidy
Charlie Somerville recently tweeted he wished there was a good guide about maintaining open source software: I wish there was a good guide on maintaining OSS projects. I’m a maintainer of a reasonably popular project and I have NFI what I’m doing. — Charlie Somerville (@charliesome) April 26, 2014 In between consultancy jobs and building […]
E-mail enumeration in Devise in paranoid mode
It has been reported that malicious users can do e-mail enumeration on sign in via timing attacks despite paranoid mode being enabled. Whenever you try to reset your password or confirm your account, Devise gives you precise information on how to proceed, if the e-mail given is valid, if the token has not expired and […]