mirror of
https://github.com/internetee/registry.git
synced 2025-07-24 19:48:28 +02:00
Regenerate and tune Devise config
This commit is contained in:
parent
0f6df9e3f8
commit
ebe831e782
1 changed files with 49 additions and 33 deletions
|
@ -1,26 +1,31 @@
|
|||
require 'devise_custom_failure'
|
||||
# frozen_string_literal: true
|
||||
|
||||
# Use this hook to configure devise mailer, warden hooks and so forth.
|
||||
# Many of these configuration options can be set straight in your model.
|
||||
Devise.setup do |config|
|
||||
config.warden do |manager|
|
||||
manager.failure_app = DeviseCustomFailure
|
||||
end
|
||||
|
||||
# The secret key used by Devise. Devise uses this key to generate
|
||||
# random tokens. Changing this key will render invalid all existing
|
||||
# confirmation, reset password and unlock tokens in the database.
|
||||
# Devise will use the `secret_key_base` as its `secret_key`
|
||||
# by default. You can change it below and use your own secret key.
|
||||
config.secret_key = ENV['devise_secret']
|
||||
|
||||
# ==> Controller configuration
|
||||
# Configure the parent class to the devise controllers.
|
||||
# config.parent_controller = 'DeviseController'
|
||||
|
||||
# ==> Mailer Configuration
|
||||
# Configure the e-mail address which will be shown in Devise::Mailer,
|
||||
# note that it will be overwritten if you use your own mailer class
|
||||
# with default "from" parameter.
|
||||
config.mailer_sender = 'noreply@example.com'
|
||||
config.mailer_sender = 'please-change-me-at-config-initializers-devise@example.com'
|
||||
|
||||
# Configure the class responsible to send e-mails.
|
||||
# config.mailer = 'Devise::Mailer'
|
||||
|
||||
# Configure the parent class responsible to send e-mails.
|
||||
# config.parent_mailer = 'ActionMailer::Base'
|
||||
|
||||
# ==> ORM configuration
|
||||
# Load and configure the ORM. Supports :active_record (default) and
|
||||
# :mongoid (bson_ext recommended) by default. Other ORMs may be
|
||||
|
@ -35,7 +40,7 @@ Devise.setup do |config|
|
|||
# session. If you need permissions, you should implement that in a before filter.
|
||||
# You can also supply a hash where the value is a boolean determining whether
|
||||
# or not authentication should be aborted when the value is not present.
|
||||
# config.authentication_keys = [ :email ]
|
||||
# config.authentication_keys = [:email]
|
||||
|
||||
# Configure parameters from the request object used for authentication. Each entry
|
||||
# given should be a request method and it will automatically be passed to the
|
||||
|
@ -67,7 +72,7 @@ Devise.setup do |config|
|
|||
# :database = Support basic authentication with authentication key + password
|
||||
# config.http_authenticatable = false
|
||||
|
||||
# If http headers should be returned for AJAX requests. True by default.
|
||||
# If 401 status code should be returned for AJAX requests. True by default.
|
||||
# config.http_authenticatable_on_xhr = true
|
||||
|
||||
# The realm used in Http Basic Authentication. 'Application' by default.
|
||||
|
@ -91,20 +96,31 @@ Devise.setup do |config|
|
|||
# from the server. You can disable this option at your own risk.
|
||||
# config.clean_up_csrf_token_on_authentication = true
|
||||
|
||||
# When false, Devise will not attempt to reload routes on eager load.
|
||||
# This can reduce the time taken to boot the app but if your application
|
||||
# requires the Devise mappings to be loaded during boot time the application
|
||||
# won't boot properly.
|
||||
# config.reload_routes = true
|
||||
|
||||
# ==> Configuration for :database_authenticatable
|
||||
# For bcrypt, this is the cost for hashing the password and defaults to 10. If
|
||||
# using other encryptors, it sets how many times you want the password re-encrypted.
|
||||
# For bcrypt, this is the cost for hashing the password and defaults to 11. If
|
||||
# using other algorithms, it sets how many times you want the password to be hashed.
|
||||
#
|
||||
# Limiting the stretches to just one in testing will increase the performance of
|
||||
# your test suite dramatically. However, it is STRONGLY RECOMMENDED to not use
|
||||
# a value less than 10 in other environments. Note that, for bcrypt (the default
|
||||
# encryptor), the cost increases exponentially with the number of stretches (e.g.
|
||||
# algorithm), the cost increases exponentially with the number of stretches (e.g.
|
||||
# a value of 20 is already extremely slow: approx. 60 seconds for 1 calculation).
|
||||
config.stretches = Rails.env.test? ? 1 : 10
|
||||
config.stretches = Rails.env.test? ? 1 : 11
|
||||
|
||||
# Setup a pepper to generate the encrypted password.
|
||||
# config.pepper = '4d1b39f778c3ea5b415476ce410f337a27895181a8ccd586c60e50e0f7284' \
|
||||
# '3d5d6ded80558ed7a4637de6b3a1504379270af6eee995fd9a329e4f4c5daa33882'
|
||||
# Set up a pepper to generate the hashed password.
|
||||
# config.pepper = '1fc02c7f3a9d5d0dc6c3e49828eb45d29e5fdb3136f78ee0063a2cdf774b7ed53ea40176d5823703554b7f015dd23c0e491fb488bb705a0768db32d02b1d088d'
|
||||
|
||||
# Send a notification to the original email when the user's email is changed.
|
||||
# config.send_email_changed_notification = false
|
||||
|
||||
# Send a notification email when the user's password is changed.
|
||||
# config.send_password_change_notification = false
|
||||
|
||||
# ==> Configuration for :confirmable
|
||||
# A period that the user is allowed to access the website even without
|
||||
|
@ -129,11 +145,11 @@ Devise.setup do |config|
|
|||
config.reconfirmable = true
|
||||
|
||||
# Defines which key will be used when confirming an account
|
||||
# config.confirmation_keys = [ :email ]
|
||||
# config.confirmation_keys = [:email]
|
||||
|
||||
# ==> Configuration for :rememberable
|
||||
# The time the user will be remembered without asking for credentials again.
|
||||
config.remember_for = 2.weeks
|
||||
# config.remember_for = 2.weeks
|
||||
|
||||
# Invalidates all the remember me tokens when the user signs out.
|
||||
config.expire_all_remember_me_on_sign_out = true
|
||||
|
@ -152,15 +168,12 @@ Devise.setup do |config|
|
|||
# Email regex used to validate email formats. It simply asserts that
|
||||
# one (and only one) @ exists in the given string. This is mainly
|
||||
# to give user feedback and not to assert the e-mail validity.
|
||||
# config.email_regexp = /\A[^@]+@[^@]+\z/
|
||||
config.email_regexp = /\A[^@\s]+@[^@\s]+\z/
|
||||
|
||||
# ==> Configuration for :timeoutable
|
||||
# The time you want to timeout the user session without activity. After this
|
||||
# time the user will be asked for credentials again. Default is 30 minutes.
|
||||
config.timeout_in = ENV['user_session_timeout'].to_i.seconds if ENV['user_session_timeout']
|
||||
|
||||
# If true, expires auth token on session timeout.
|
||||
# config.expire_auth_token_on_timeout = false
|
||||
# config.timeout_in = 30.minutes
|
||||
|
||||
# ==> Configuration for :lockable
|
||||
# Defines which strategy will be used to lock an account.
|
||||
|
@ -169,7 +182,7 @@ Devise.setup do |config|
|
|||
# config.lock_strategy = :failed_attempts
|
||||
|
||||
# Defines which key will be used when locking and unlocking an account
|
||||
# config.unlock_keys = [ :email ]
|
||||
# config.unlock_keys = [:email]
|
||||
|
||||
# Defines which strategy will be used to unlock an account.
|
||||
# :email = Sends an unlock link to the user email
|
||||
|
@ -186,24 +199,28 @@ Devise.setup do |config|
|
|||
# config.unlock_in = 1.hour
|
||||
|
||||
# Warn on the last attempt before the account is locked.
|
||||
# config.last_attempt_warning = false
|
||||
# config.last_attempt_warning = true
|
||||
|
||||
# ==> Configuration for :recoverable
|
||||
#
|
||||
# Defines which key will be used when recovering the password for an account
|
||||
# config.reset_password_keys = [ :email ]
|
||||
# config.reset_password_keys = [:email]
|
||||
|
||||
# Time interval you can reset your password with a reset password key.
|
||||
# Don't put a too small interval or your users won't have the time to
|
||||
# change their passwords.
|
||||
config.reset_password_within = 6.hours
|
||||
|
||||
# When set to false, does not sign a user in automatically after their password is
|
||||
# reset. Defaults to true, so a user is signed in automatically after a reset.
|
||||
# config.sign_in_after_reset_password = true
|
||||
|
||||
# ==> Configuration for :encryptable
|
||||
# Allow you to use another encryption algorithm besides bcrypt (default). You can use
|
||||
# :sha1, :sha512 or encryptors from others authentication tools as :clearance_sha1,
|
||||
# :authlogic_sha512 (then you should set stretches above to 20 for default behavior)
|
||||
# and :restful_authentication_sha1 (then you should set stretches to 10, and copy
|
||||
# REST_AUTH_SITE_KEY to pepper).
|
||||
# Allow you to use another hashing or encryption algorithm besides bcrypt (default).
|
||||
# You can use :sha1, :sha512 or algorithms from others authentication tools as
|
||||
# :clearance_sha1, :authlogic_sha512 (then you should set stretches above to 20
|
||||
# for default behavior) and :restful_authentication_sha1 (then you should set
|
||||
# stretches to 10, and copy REST_AUTH_SITE_KEY to pepper).
|
||||
#
|
||||
# Require the `devise-encryptable` gem when using anything other than bcrypt
|
||||
# config.encryptor = :sha512
|
||||
|
@ -220,7 +237,7 @@ Devise.setup do |config|
|
|||
|
||||
# Set this configuration to false if you want /users/sign_out to sign out
|
||||
# only the current scope. By default, Devise signs out all scopes.
|
||||
# config.sign_out_all_scopes = true
|
||||
config.sign_out_all_scopes = false
|
||||
|
||||
# ==> Navigation configuration
|
||||
# Lists the formats that should be treated as navigational. Formats like
|
||||
|
@ -260,8 +277,7 @@ Devise.setup do |config|
|
|||
# The router that invoked `devise_for`, in the example above, would be:
|
||||
# config.router_name = :my_engine
|
||||
#
|
||||
# When using omniauth, Devise cannot automatically set Omniauth path,
|
||||
# When using OmniAuth, Devise cannot automatically set OmniAuth path,
|
||||
# so you need to do it manually. For the users scope, it would be:
|
||||
# config.omniauth_path_prefix = '/my_engine/users/auth'
|
||||
end
|
||||
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue