devise.rb in devise-jdguyot-1.2.rc3

- old
+ new

@@ -12,10 +12,11 @@
   autoload :TestHelpers, 'devise/test_helpers'
 
   module Controllers
     autoload :Helpers, 'devise/controllers/helpers'
     autoload :InternalHelpers, 'devise/controllers/internal_helpers'
+    autoload :Rememberable, 'devise/controllers/rememberable'
     autoload :ScopedViews, 'devise/controllers/scoped_views'
     autoload :UrlHelpers, 'devise/controllers/url_helpers'
   end
 
   module Encryptors
@@ -67,13 +68,13 @@
   # Request keys used when authenticating a user.
   mattr_accessor :request_keys
   @@request_keys = []
 
   # Keys that should be case-insensitive.
-  # Empty by default for backwards compatibility.
+  # False by default for backwards compatibility.
   mattr_accessor :case_insensitive_keys
-  @@case_insensitive_keys = []
+  @@case_insensitive_keys = false
 
   # If http authentication is enabled by default.
   mattr_accessor :http_authenticatable
   @@http_authenticatable = false
 
@@ -379,11 +380,10 @@
     ActiveSupport::SecureRandom.base64(15).tr('+/=', 'xyz')
   end
 
   # constant-time comparison algorithm to prevent timing attacks
   def self.secure_compare(a, b)
-    return false unless a.present? && b.present?
-    return false unless a.bytesize == b.bytesize
+    return false if a.blank? || b.blank? || a.bytesize != b.bytesize
     l = a.unpack "C#{a.bytesize}"
 
     res = 0
     b.each_byte { |byte| res |= byte ^ l.shift }
     res == 0