diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb index fc9aa1ce..16e3a47a 100644 --- a/config/initializers/devise.rb +++ b/config/initializers/devise.rb @@ -4,6 +4,8 @@ Devise.setup do |config| # The secret key used by Devise. Devise uses this key to generate # random tokens. Changing this key will render invalid all existing # confirmation, reset password and unlock tokens in the database. + # Devise will use the `secret_key_base` as its `secret_key` + # by default. You can change it below and use your own secret key. # config.secret_key = 'not used in rails 4' # ==> Mailer Configuration @@ -15,6 +17,9 @@ Devise.setup do |config| # Configure the class responsible to send e-mails. # config.mailer = 'Devise::Mailer' + # Configure the parent class responsible to send e-mails. + # config.parent_mailer = 'ActionMailer::Base' + # ==> ORM configuration # Load and configure the ORM. Supports :active_record (default) and # :mongoid (bson_ext recommended) by default. Other ORMs may be @@ -30,7 +35,7 @@ Devise.setup do |config| # filter. # You can also supply a hash where the value is a boolean determining whether # or not authentication should be aborted when the value is not present. - # config.authentication_keys = [ :email ] + # config.authentication_keys = [:email] # Configure parameters from the request object used for authentication. Each # entry given should be a request method and it will automatically be passed 
@@ -91,20 +96,32 @@ Devise.setup do |config| # from the server. You can disable this option at your own risk. # config.clean_up_csrf_token_on_authentication = true + # When false, Devise will not attempt to reload routes on eager load. + # This can reduce the time taken to boot the app but if your application + # requires the Devise mappings to be loaded during boot time the application + # won't boot properly. + # config.reload_routes = true + # ==> Configuration for :database_authenticatable - # For bcrypt, this is the cost for hashing the password and defaults to 10. If - # using other encryptors, it sets how many times you want the password - # re-encrypted. + # For bcrypt, this is the cost for hashing the password and defaults to 11. If + # using other algorithms, it sets how many times you want the password to be + # hashed. # # Limiting the stretches to just one in testing will increase the performance # of your test suite dramatically. However, it is STRONGLY RECOMMENDED to not - # use a value less than 10 in other environments. - config.stretches = Rails.env.test? ? 1 : 10 + # use a value less than 10 in other environments. Note that, for bcrypt (the + # default algorithm), the cost increases exponentially with the number of + # stretches (e.g. a value of 20 is already extremely slow: approx. 60 + # seconds for 1 calculation). + config.stretches = Rails.env.test? ? 1 : 11 - # Setup a pepper to generate the encrypted password. + # Set up a pepper to generate the hashed password. # config.pepper = # 'a5d405c1f73d70b39798058c401d3aedbcea8e19d953ee0d2b038ff093abe0ea94b255d759' + # Send a notification email when the user's password is changed + # config.send_password_change_notification = false + # ==> Configuration for :confirmable # A period that the user is allowed to access the website even without # confirming their account. For instance, if set to 2.days, the user will be 
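Review bot: The new `send_password_change_notification` option at the end of the :database_authenticatable section is left commented out, so it stays at the `false` shown in the comment and users receive no email when their password changes. That email is an inexpensive account-takeover signal for the legitimate owner. This commit already adds the `password_change` mailer subject to config/locales/devise.en.yml, so I would enable it here with `config.send_password_change_notification = true`. Before merging, confirm that the matching mailer view exists in the app or in the installed Devise version; the diff does not show it.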
@@ -123,13 +140,13 @@ Devise.setup do |config| # If true, requires any email changes to be confirmed (exactly the same way as # initial account confirmation) to be applied. Requires additional - # unconfirmed_email db field (see migrations). Until confirmed new email is - # stored in unconfirmed email column, and copied to email column on + # unconfirmed_email db field (see migrations). Until confirmed, new email is + # stored in unconfirmed_email column, and copied to email column on # successful confirmation. config.reconfirmable = true # Defines which key will be used when confirming an account - # config.confirmation_keys = [ :email ] + # config.confirmation_keys = [:email] # ==> Configuration for :rememberable # The time the user will be remembered without asking for credentials again. @@ -147,21 +164,18 @@ Devise.setup do |config| # ==> Configuration for :validatable # Range for password length. - config.password_length = 8..128 + config.password_length = 6..128 # Email regex used to validate email formats. It simply asserts that # one (and only one) @ exists in the given string. This is mainly # to give user feedback and not to assert the e-mail validity. - # config.email_regexp = /\A[^@]+@[^@]+\z/ + config.email_regexp = /\A[^@\s]+@[^@\s]+\z/ # ==> Configuration for :timeoutable # The time you want to timeout the user session without activity. After this # time the user will be asked for credentials again. Default is 30 minutes. # config.timeout_in = 30.minutes - # If true, expires auth token on session timeout. - # config.expire_auth_token_on_timeout = false - # ==> Configuration for :lockable # Defines which strategy will be used to lock an account. # :failed_attempts = Locks an account after a number of failed attempts to 
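Review bot: In the :validatable hunk, `config.password_length` drops from `8..128` to `6..128`, which lowers the minimum password length for every new registration and password change. The new value matches the stock Devise template, so this looks like a side effect of regenerating the initializer rather than a deliberate policy decision (inferred; the commit gives no rationale). I would keep the previous floor, `config.password_length = 8..128`, which is also the minimum NIST SP 800-63B gives for user-chosen passwords. If 6 is intended, a comment above the setting should say why.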
@@ -170,7 +184,7 @@ Devise.setup do |config| # config.lock_strategy = :failed_attempts # Defines which key will be used when locking and unlocking an account - # config.unlock_keys = [ :email ] + # config.unlock_keys = [:email] # Defines which strategy will be used to unlock an account. # :email = Sends an unlock link to the user email @@ -193,19 +207,25 @@ Devise.setup do |config| # ==> Configuration for :recoverable # # Defines which key will be used when recovering the password for an account - # config.reset_password_keys = [ :email ] + # config.reset_password_keys = [:email] # Time interval you can reset your password with a reset password key. # Don't put a too small interval or your users won't have the time to # change their passwords. config.reset_password_within = 6.hours + # When set to false, does not sign a user in automatically after their + # password is reset. Defaults to true, so a user is signed in automatically + # after a reset. + # config.sign_in_after_reset_password = true + # ==> Configuration for :encryptable - # Allow you to use another encryption algorithm besides bcrypt (default). You - # can use :sha1, :sha512 or encryptors from others authentication tools as - # :clearance_sha1, :authlogic_sha512 (then you should set stretches above to - # 20 for default behavior) and :restful_authentication_sha1 (then you should - # set stretches to 10, and copy REST_AUTH_SITE_KEY to pepper). + # Allow you to use another hashing or encryption algorithm besides bcrypt + # (default). + # You can use :sha1, :sha512 or algorithms from others authentication tools + # as :clearance_sha1, :authlogic_sha512 (then you should set stretches above + # to 20 for default behavior) and :restful_authentication_sha1 (then you + # should set stretches to 10, and copy REST_AUTH_SITE_KEY to pepper). # # Require the `devise-encryptable` gem when using anything other than bcrypt # config.encryptor = :sha512 
@@ -264,7 +284,7 @@ Devise.setup do |config| # The router that invoked `devise_for`, in the example above, would be: # config.router_name = :my_engine # - # When using omniauth, Devise cannot automatically set Omniauth path, + # When using OmniAuth, Devise cannot automatically set OmniAuth path, # so you need to do it manually. For the users scope, it would be: # config.omniauth_path_prefix = '/my_engine/users/auth' end diff --git a/config/locales/devise.en.yml b/config/locales/devise.en.yml index 6cd4cd27..bd4c3ebc 100644 --- a/config/locales/devise.en.yml +++ b/config/locales/devise.en.yml 
@@ -3,49 +3,52 @@ en: devise: confirmations: - confirmed: "Your account was successfully confirmed." - send_instructions: "You will receive an email with instructions about how to confirm your account in a few minutes." - send_paranoid_instructions: "If your email address exists in our database, you will receive an email with instructions about how to confirm your account in a few minutes." + confirmed: "Your email address has been successfully confirmed." + send_instructions: "You will receive an email with instructions for how to confirm your email address in a few minutes." + send_paranoid_instructions: "If your email address exists in our database, you will receive an email with instructions for how to confirm your email address in a few minutes." failure: already_authenticated: "You are already signed in." inactive: "Your account is not activated yet." - invalid: "Invalid email or password." + invalid: "Invalid %{authentication_keys} or password." locked: "Your account is locked." - last_attempt: "You have one more attempt before your account will be locked." - not_found_in_database: "Invalid email or password." + last_attempt: "You have one more attempt before your account is locked." + not_found_in_database: "Invalid %{authentication_keys} or password." timeout: "Your session expired. Please sign in again to continue." unauthenticated: "You need to sign in or sign up before continuing." - unconfirmed: "You have to confirm your account before continuing." + unconfirmed: "You have to confirm your email address before continuing." mailer: confirmation_instructions: subject: "Confirmation instructions" reset_password_instructions: subject: "Reset password instructions" unlock_instructions: - subject: "Unlock Instructions" + subject: "Unlock instructions" + password_change: + subject: "Password Changed" omniauth_callbacks: failure: "Could not authenticate you from %{kind} because \"%{reason}\"." success: "Successfully authenticated from %{kind} account." 
passwords: no_token: "You can't access this page without coming from a password reset email. If you do come from a password reset email, please make sure you used the full URL provided." - send_instructions: "You will receive an email with instructions about how to reset your password in a few minutes." + send_instructions: "You will receive an email with instructions on how to reset your password in a few minutes." send_paranoid_instructions: "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes." - updated: "Your password was changed successfully. You are now signed in." - updated_not_active: "Your password was changed successfully." + updated: "Your password has been changed successfully. You are now signed in." + updated_not_active: "Your password has been changed successfully." registrations: - destroyed: "Bye! Your account was successfully cancelled. We hope to see you again soon." + destroyed: "Bye! Your account has been successfully cancelled. We hope to see you again soon." signed_up: "Welcome! You have signed up successfully." signed_up_but_inactive: "You have signed up successfully. However, we could not sign you in because your account is not yet activated." signed_up_but_locked: "You have signed up successfully. However, we could not sign you in because your account is locked." - signed_up_but_unconfirmed: "A message with a confirmation link has been sent to your email address. Please open the link to activate your account." - update_needs_confirmation: "You updated your account successfully, but we need to verify your new email address. Please check your email and click on the confirm link to finalize confirming your new email address." - updated: "You updated your account successfully." + signed_up_but_unconfirmed: "A message with a confirmation link has been sent to your email address. Please follow the link to activate your account." 
+ update_needs_confirmation: "You updated your account successfully, but we need to verify your new email address. Please check your email and follow the confirm link to confirm your new email address." + updated: "Your account has been updated successfully." sessions: signed_in: "Signed in successfully." signed_out: "Signed out successfully." + already_signed_out: "Signed out successfully." unlocks: - send_instructions: "You will receive an email with instructions about how to unlock your account in a few minutes." - send_paranoid_instructions: "If your account exists, you will receive an email with instructions about how to unlock it in a few minutes." + send_instructions: "You will receive an email with instructions for how to unlock your account in a few minutes." + send_paranoid_instructions: "If your account exists, you will receive an email with instructions for how to unlock it in a few minutes." unlocked: "Your account has been unlocked successfully. Please sign in to continue." errors: messages: