Posts tagged "devise"

Three tips to improve the performance of your test suite

Three quick short tips to improve the performance of your test suite!

Bare-bone, stripped-down Devise

Last week I spoke at Silicon Valley Ruby Group about PlataformaTec’s open source tools, mainly Devise, Simple Form and Responders. When talking about Devise, I’ve mentioned that, before creating Devise, we were alternating between using Authlogic or Clearance in our projects. However, we soon realized that we needed a solution that was as customizable as … »

Devise Security Release 1.1.6

Note: Devise 1.1.6 broke compatibility with Rails versions prior to 3.0.4, this has been fixed on Devise 1.1.7. Devise 1.1.6 has just been released and it follows Rails 3.0.4 release. Rails 3.0.4 changes how CSRF works and adds a new method called handle_unverified_request that should be properly overridden by authentication frameworks. Devise 1.1.6 implements this … »

2010 – A year in review

This year is coming to an end and it was amazing for us at Plataforma Tecnologia. We are proud to share with you, faithful reader, our accomplishments in 2010, which weren’t few. Open Source The year has begun on fire. In February, José Valim made his way into the Rails Core team and has been … »

Acceptance tests for OmniAuth

One of the great gems released in the past few months was OmniAuth. It is very easy to use, it works without tons of configurations (unless configuring XML files is your thing) and there are already plenty of resources about it on the internet. However, it is not easy to do acceptance tests with Omniauth … »

Session fixation vulnerability in Devise

There is a vulnerability in Devise source code that allows someone to steal your session through session fixation attacks. Who is affected? This vulnerability is present in all Devise versions, in both 1.0 and 1.1 branches. However, you are only affected if you are using a Active Record ou Memcached or other server persistent session … »