Update Devise to 4.7.1

Description

Devise Gem for Ruby confirmation token validation with a blank string

Devise before 4.7.1 confirms accounts upon receiving a request with a blank confirmation_token, if a database record has a blank value in the confirmation_token column.

However, there is no scenario within Devise itself in which such database records would exist.

Patched versions: >= 4.7.1
Unaffected versions: none

Testing

Make sure you can log in with your current account and that you can create and activate a new one.
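The blank-token behaviour from the Description, shown as an added example that is not Devise's or this project's code. It is a simplified in-memory model; the `User` struct, the sample rows and all function names are assumptions made for illustration.

```ruby
# Constructed stand-in for a users table (hypothetical data, not from the ticket).
User = Struct.new(:id, :email, :confirmation_token, :confirmed_at)

def sample_users
  [
    User.new(1, "a@example.test", "k3yA", nil),        # normal pending account
    User.new(2, "b@example.test", "",     nil),        # blank token column (the precondition)
    User.new(3, "c@example.test", nil,    Time.at(0))  # already confirmed, token cleared
  ]
end

# Lookup with no blank check: the request parameter is compared to the column
# as-is, so an empty parameter matches the row whose column is an empty string.
def confirm_unchecked(users, token)
  user = users.find { |u| u.confirmation_token == token }
  return nil unless user
  user.confirmed_at ||= Time.now
  user
end

# Hardened lookup: reject nil, empty and whitespace-only tokens before
# consulting the data store at all.
def confirm_checked(users, token)
  return nil if token.nil? || token.to_s.strip.empty?
  confirm_unchecked(users, token)
end

# Audit helper: unconfirmed rows whose token column holds an empty or
# whitespace-only string. These are the records the advisory depends on.
def blank_token_rows(users)
  users.select do |u|
    u.confirmed_at.nil? && !u.confirmation_token.nil? && u.confirmation_token.strip.empty?
  end
end

if __FILE__ == $PROGRAM_NAME
  puts "unchecked, blank token: #{confirm_unchecked(sample_users, '').inspect}"
  puts "checked, blank token:   #{confirm_checked(sample_users, '').inspect}"
  puts "rows to review:         #{blank_token_rows(sample_users).map(&:id).inspect}"
end
```

Running the audit idea against the real table before and after the upgrade shows whether any rows ever met the precondition.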

Activity

Sarken
September 12, 2019, 10:02 AM

I was able to

  • Log in as a regular user

  • Create, activate, and log in to a new regular user account

For funsies, also confirmed that I could

  • Delete the account I created

  • Log in as an admin

  • Reset my forgotten password

  • Change my password

Looks good, then!

Sammie Louise
September 12, 2019, 9:45 AM

I was able to successfully:

  • Login from the popup in the top right corner

  • Login from the /users/login page

  • Create and activate a new account (and log in to it)

DeployedToBeta

Assignee

Unassigned

Reporter

Sarken

Roadmap

Login

Priority

Medium

Affects versions

Fix versions

Components

BackEnd
Gems

Difficulty

Medium

Milestone

Internal 0.9