alchemy-devise 6.1.0 → 6.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f58d46b9126aecea12b501b449de4effd33b1c5eccf18f82937a5662c35469a4
-  data.tar.gz: 46bf5120a6e8d2dcb536ba407d6bfcf1572164833b789752d9f58e8c84713914
+  metadata.gz: c3c6037023148c5226b1f13b701735f8ee73d4727f3bc69cdbdaea9613cbe7d4
+  data.tar.gz: 9b0881dfadd646ce44f56e4eeb8bba50094c840308bff704f302922556c97dae
 SHA512:
-  metadata.gz: 101acd9fa3dde21bf274bf493e6b9f9e801d47d7e988e01f3cef86fd813951cb291268f9690e06c89a9c1d881a625e9306fd0fc8d1f3b5e485479dcbbe12852f
-  data.tar.gz: 033a6f2df8c32e7281c0b5dd55309947cf0400cfd87ba1703a43c5ab25b098c82ef65edd739750c9fabbf499765d487d7663068fd69a95fbc4fc6a2430f49580
+  metadata.gz: 96bb14ab72f3396e5cf1f4777cba1cd7ca93700b9560fbb2fbaa4a998ba117ee4d64291e575b42fc36b7c00209bb259ddb3f4574c9d5a3857a3993975a44e800
+  data.tar.gz: 82ffa842162d02522901e3db1633ca6aa3e91ff1be5c3deb3cce85449a98f223eb0697cba9cf1aa353160fe45b6989a13895630057257bd327aece6baf77365f

data/CHANGELOG.md

@@ -1,5 +1,16 @@
 # Changelog
 
+## 6.3.0 (2023-07-05)
+
+- Remove Alchemy 7.0 and 6.0 support [#174](https://github.com/AlchemyCMS/alchemy-devise/pull/174) ([tvdeyen](https://github.com/tvdeyen))
+- Use standard.rb to lint code [#166](https://github.com/AlchemyCMS/alchemy-devise/pull/166) ([tvdeyen](https://github.com/tvdeyen))
+- Update brakeman scan action [#165](https://github.com/AlchemyCMS/alchemy-devise/pull/165) ([tvdeyen](https://github.com/tvdeyen))
+
+## 6.2.0 (2023-04-01)
+
+- Add Alchemy 7 support [#164](https://github.com/AlchemyCMS/alchemy-devise/pull/164) ([tvdeyen](https://github.com/tvdeyen))
+- Upgrade rspec-rails to version 6.0.1 [#153](https://github.com/AlchemyCMS/alchemy-devise/pull/153) ([depfu](https://github.com/apps/depfu))
+
 ## 6.1.0 (2023-01-20)
 
 - Remove Alchemy 5.3 support [#158](https://github.com/AlchemyCMS/alchemy-devise/pull/158) ([tvdeyen](https://github.com/tvdeyen))

data/README.md

@@ -1,8 +1,9 @@
 ## Devise based authentication for AlchemyCMS
 
 [![Build Status](https://github.com/AlchemyCMS/alchemy-devise/workflows/CI/badge.svg?branch=main)](https://github.com/AlchemyCMS/alchemy-devise/actions)
+[![Brakeman Scan](https://github.com/AlchemyCMS/alchemy-devise/actions/workflows/brakeman-analysis.yml/badge.svg)](https://github.com/AlchemyCMS/alchemy-devise/actions/workflows/brakeman-analysis.yml)
 
-[![Gem Version](https://badge.fury.io/rb/alchemy-devise.svg)](http://badge.fury.io/rb/alchemy-devise) [![Test Coverage](https://codeclimate.com/github/AlchemyCMS/alchemy-devise/badges/coverage.svg)](https://codeclimate.com/github/AlchemyCMS/alchemy-devise/coverage) [![Code Climate](https://codeclimate.com/github/AlchemyCMS/alchemy-devise/badges/gpa.svg)](https://codeclimate.com/github/AlchemyCMS/alchemy-devise) [![security](https://hakiri.io/github/AlchemyCMS/alchemy-devise/main.svg)](https://hakiri.io/github/AlchemyCMS/alchemy-devise/main)
+[![Gem Version](https://badge.fury.io/rb/alchemy-devise.svg)](http://badge.fury.io/rb/alchemy-devise) [![Test Coverage](https://codeclimate.com/github/AlchemyCMS/alchemy-devise/badges/coverage.svg)](https://codeclimate.com/github/AlchemyCMS/alchemy-devise/coverage) [![Code Climate](https://codeclimate.com/github/AlchemyCMS/alchemy-devise/badges/gpa.svg)](https://codeclimate.com/github/AlchemyCMS/alchemy-devise)
 
 AlchemyCMS has no authentication in its core. So it is possible to bring your own authentication and use it to authorize users in AlchemyCMS. If you don't have your own authentication, you can use this gem.
 

data/app/controllers/alchemy/admin/passwords_controller.rb

@@ -7,10 +7,6 @@ module Alchemy
     class PasswordsController < ::Devise::PasswordsController
       include Alchemy::Admin::Locale
 
-      if Alchemy.gem_version <= Gem::Version.new("4.9")
-        before_action { enforce_ssl if ssl_required? && !request.ssl? }
-      end
-
       helper "Alchemy::Admin::Base"
 
       layout "alchemy/admin"

data/app/controllers/alchemy/admin/user_sessions_controller.rb

@@ -9,12 +9,7 @@ module Alchemy
 
       protect_from_forgery prepend: true
 
-      if Alchemy.gem_version <= Gem::Version.new("4.9")
-        before_action except: "destroy" do
-          enforce_ssl if ssl_required? && !request.ssl?
-        end
-      end
-      before_action :check_user_count, :only => :new
+      before_action :check_user_count, only: :new
 
       helper "Alchemy::Admin::Base"
 
@@ -24,11 +19,11 @@ module Alchemy
         authenticate_user!
 
         if user_signed_in?
-          if session[:redirect_path].blank?
-            redirect_path = admin_dashboard_path
+          redirect_path = if session[:redirect_path].blank?
+            admin_dashboard_path
           else
             # We have to strip double slashes from beginning of path, because of strange rails/rack bug.
-            redirect_path = session[:redirect_path].gsub(/\A\/{2,}/, "/")
+            session[:redirect_path].gsub(/\A\/{2,}/, "/")
           end
           redirect_to redirect_path,
             notice: t(:signed_in, scope: "devise.sessions")

data/app/controllers/alchemy/admin/users_controller.rb

@@ -1,7 +1,6 @@
 module Alchemy
   module Admin
     class UsersController < ResourcesController
-
       before_action :set_roles, except: [:index, :destroy]
 
       load_and_authorize_resource class: Alchemy::User,
@@ -14,7 +13,7 @@ module Alchemy
 
       def index
         @query = User.ransack(params[:q])
-        @query.sorts = 'login asc' if @query.sorts.empty?
+        @query.sorts = "login asc" if @query.sorts.empty?
         @users = @query.result
           .page(params[:page] || 1)
           .per(items_per_page)
@@ -53,7 +52,7 @@ module Alchemy
         deliver_welcome_mail
         render_errors_or_redirect @user,
           admin_users_path,
-          Alchemy.t("User updated", :name => @user.name)
+          Alchemy.t("User updated", name: @user.name)
       end
 
       def destroy
@@ -92,9 +91,9 @@ module Alchemy
       end
 
       def signup_admin_or_redirect
-        @user.alchemy_roles = %w(admin)
+        @user.alchemy_roles = %w[admin]
         if @user.save
-          flash[:notice] = Alchemy.t('Successfully signup admin user')
+          flash[:notice] = Alchemy.t("Successfully signup admin user")
           sign_in :user, @user
           deliver_welcome_mail
           redirect_to admin_pages_path
@@ -116,7 +115,7 @@ module Alchemy
       end
 
       def deliver_welcome_mail
-        if @user.valid? && @user.send_credentials == '1'
+        if @user.valid? && @user.send_credentials == "1"
           @user.deliver_welcome_mail
         end
       end

data/app/mailers/alchemy/notifications.rb

@@ -1,7 +1,6 @@
 module Alchemy
   class Notifications < ActionMailer::Base
-
-    default(from: Config.get(:mailer)['mail_from'])
+    default(from: Config.get(:mailer)["mail_from"])
 
     def member_created(user)
       @user = user
@@ -21,7 +20,7 @@ module Alchemy
       )
     end
 
-    def reset_password_instructions(user, token, opts={})
+    def reset_password_instructions(user, token, opts = {})
       @user = user
       @token = token
       mail(

data/app/models/alchemy/user.rb

@@ -1,5 +1,7 @@
-require 'devise/orm/active_record'
-require 'userstamp'
+# frozen_string_literal: true
+
+require "devise/orm/active_record"
+require "userstamp"
 
 module Alchemy
   class User < ActiveRecord::Base
@@ -15,7 +17,7 @@ module Alchemy
       :tag_list
     ]
 
-    devise *Alchemy.devise_modules
+    devise(*Alchemy.devise_modules)
 
     include Alchemy::Taggable
 
@@ -29,13 +31,31 @@ module Alchemy
     # Unlock all locked pages before destroy.
     before_destroy :unlock_pages!
 
-    scope :admins,     -> { where(arel_table[:alchemy_roles].matches('%admin%')) }
-    scope :logged_in,  -> { where('last_request_at > ?', logged_in_timeout.seconds.ago) }
-    scope :logged_out, -> { where('last_request_at is NULL or last_request_at <= ?', logged_in_timeout.seconds.ago) }
+    scope :admins, -> { where(arel_table[:alchemy_roles].matches("%admin%")) }
+    scope :logged_in, -> { where("last_request_at > ?", logged_in_timeout.seconds.ago) }
+    scope :logged_out, -> { where("last_request_at is NULL or last_request_at <= ?", logged_in_timeout.seconds.ago) }
 
     ROLES = Config.get(:user_roles)
 
     class << self
+      def ransackable_attributes(_auth_object = nil)
+        %w[
+          email
+          firstname
+          lastname
+          login
+        ]
+      end
+
+      alias_method :searchable_alchemy_resource_attributes, :ransackable_attributes
+
+      def ransackable_associations(_auth_object = nil)
+        %w[
+          taggings
+          tags
+        ]
+      end
+
       def human_rolename(role)
         Alchemy.t("user_roles.#{role}")
       end
@@ -43,19 +63,6 @@ module Alchemy
       def logged_in_timeout
         Config.get(:auto_logout_time).minutes.to_i
       end
-
-      # Search users that match query
-      #
-      # Attributes searched are: login, email, firstname, lastname
-      #
-      def search(query)
-        query = "%#{query.downcase}%"
-
-        where arel_table[:login].lower.matches(query)
-          .or arel_table[:email].lower.matches(query)
-          .or arel_table[:firstname].lower.matches(query)
-          .or arel_table[:lastname].lower.matches(query)
-      end
     end
 
     def role_symbols
@@ -67,25 +74,26 @@ module Alchemy
     end
 
     def alchemy_roles
-      read_attribute(:alchemy_roles).split(' ')
+      read_attribute(:alchemy_roles).split(" ")
     end
 
     def alchemy_roles=(roles_string)
       if roles_string.is_a? Array
-        write_attribute(:alchemy_roles, roles_string.join(' '))
+        write_attribute(:alchemy_roles, roles_string.join(" "))
       elsif roles_string.is_a? String
         write_attribute(:alchemy_roles, roles_string)
       end
     end
 
     def add_role(role)
-      self.alchemy_roles = self.alchemy_roles.push(role.to_s).uniq
+      self.alchemy_roles = alchemy_roles.push(role.to_s).uniq
     end
 
     # Returns true if the user ahs admin role
     def is_admin?
-      has_role? 'admin'
+      has_role? "admin"
     end
+
     alias_method :admin?, :is_admin?
 
     # Returns true if the user has the given role.
@@ -105,6 +113,7 @@ module Alchemy
     def pages_locked_by_me
       Page.locked_by(self).order(:updated_at)
     end
+
     alias_method :locked_pages, :pages_locked_by_me
 
     # Returns the firstname and lastname as a string
@@ -118,11 +127,12 @@ module Alchemy
       if lastname.blank? && firstname.blank?
         login
       else
-        options = {:flipped => false}.merge(options)
+        options = {flipped: false}.merge(options)
         fullname = options[:flipped] ? "#{lastname}, #{firstname}" : "#{firstname} #{lastname}"
         fullname.squeeze(" ").strip
       end
     end
+
     alias_method :name, :fullname
     alias_method :alchemy_display_name, :fullname
 
@@ -150,7 +160,7 @@ module Alchemy
     # Delivers a welcome mail depending from user's role.
     #
     def deliver_welcome_mail
-      if has_role?('author') || has_role?('editor') || has_role?('admin')
+      if has_role?("author") || has_role?("editor") || has_role?("admin")
         Notifications.alchemy_user_created(self).deliver_later
       else
         Notifications.member_created(self).deliver_later

data/config/initializers/alchemy.rb

@@ -13,8 +13,8 @@ Rails.application.config.to_prepare do
       name: "modules.users",
       controller: "/alchemy/admin/users",
       action: "index",
-      icon: "users",
-    },
+      icon: "users"
+    }
   })
 
   Alchemy.signup_path = "/admin/signup"

data/config/routes.rb

@@ -3,35 +3,34 @@ Alchemy::Engine.routes.draw do
     path: Alchemy.admin_path,
     constraints: Alchemy.admin_constraints
   } do
-
     devise_for :user,
-      class_name: 'Alchemy::User',
+      class_name: "Alchemy::User",
       singular: :user,
       skip: :all,
       controllers: {
-        sessions: 'alchemy/admin/user_sessions',
-        passwords: 'alchemy/admin/passwords'
+        sessions: "alchemy/admin/user_sessions",
+        passwords: "alchemy/admin/passwords"
       },
       router_name: :alchemy
 
     devise_scope :user do
-      get '/dashboard' => 'dashboard#index',
+      get "/dashboard" => "dashboard#index",
         :as => :user_root
-      get '/signup' => 'users#signup',
+      get "/signup" => "users#signup",
         :as => :signup
-      get '/login' => 'user_sessions#new',
+      get "/login" => "user_sessions#new",
         :as => :login
-      post '/login' => 'user_sessions#create'
-      match '/logout' => 'user_sessions#destroy',
-        :as => :logout, via: Devise.sign_out_via
+      post "/login" => "user_sessions#create"
+      match "/logout" => "user_sessions#destroy",
+        :as => :logout, :via => Devise.sign_out_via
 
-      get '/passwords' => 'passwords#new',
+      get "/passwords" => "passwords#new",
         :as => :new_password
-      get '/passwords/:id/edit/:reset_password_token' => 'passwords#edit',
+      get "/passwords/:id/edit/:reset_password_token" => "passwords#edit",
         :as => :edit_password
-      post '/passwords' => 'passwords#create',
+      post "/passwords" => "passwords#create",
         :as => :reset_password
-      patch '/passwords' => 'passwords#update',
+      patch "/passwords" => "passwords#update",
         :as => :update_password
     end
 

data/config/spring.rb

@@ -1 +1 @@
-Spring.application_root = 'spec/dummy'
+Spring.application_root = "spec/dummy"

data/db/migrate/20131015124700_create_alchemy_users.rb

@@ -2,26 +2,26 @@ class CreateAlchemyUsers < ActiveRecord::Migration[4.2]
   def up
     return if table_exists?(:alchemy_users)
     create_table "alchemy_users" do |t|
-      t.string   "firstname"
-      t.string   "lastname"
-      t.string   "login"
-      t.string   "email"
-      t.string   "language"
-      t.string   "encrypted_password",     limit: 128, default: "",       null: false
-      t.string   "password_salt",          limit: 128, default: "",       null: false
-      t.integer  "sign_in_count",                      default: 0,        null: false
-      t.integer  "failed_attempts",                    default: 0,        null: false
+      t.string "firstname"
+      t.string "lastname"
+      t.string "login"
+      t.string "email"
+      t.string "language"
+      t.string "encrypted_password", limit: 128, default: "", null: false
+      t.string "password_salt", limit: 128, default: "", null: false
+      t.integer "sign_in_count", default: 0, null: false
+      t.integer "failed_attempts", default: 0, null: false
       t.datetime "last_request_at"
       t.datetime "current_sign_in_at"
       t.datetime "last_sign_in_at"
-      t.string   "current_sign_in_ip"
-      t.string   "last_sign_in_ip"
-      t.datetime "created_at",                                            null: false
-      t.datetime "updated_at",                                            null: false
-      t.integer  "creator_id"
-      t.integer  "updater_id"
-      t.text     "cached_tag_list"
-      t.string   "reset_password_token"
+      t.string "current_sign_in_ip"
+      t.string "last_sign_in_ip"
+      t.datetime "created_at", null: false
+      t.datetime "updated_at", null: false
+      t.integer "creator_id"
+      t.integer "updater_id"
+      t.text "cached_tag_list"
+      t.string "reset_password_token"
       t.datetime "reset_password_sent_at"
     end
 

data/lib/alchemy/devise/engine.rb

@@ -1,24 +1,24 @@
-require 'alchemy_cms'
-require 'devise'
+require "alchemy_cms"
+require "devise"
 
 module Alchemy
   module Devise
     class Engine < ::Rails::Engine
       isolate_namespace Alchemy
-      engine_name 'alchemy_devise'
+      engine_name "alchemy_devise"
 
       initializer "alchemy_devise.user_class", before: "alchemy.userstamp" do
         Alchemy.user_class_name = "Alchemy::User"
       end
 
-      initializer 'alchemy_devise.assets' do |app|
+      initializer "alchemy_devise.assets" do |app|
         app.config.assets.precompile += [
-          'alchemy-devise.css'
+          "alchemy-devise.css"
         ]
       end
 
       config.to_prepare do
-        require_relative '../../../app/controllers/alchemy/base_controller_extension.rb'
+        require_relative "../../../app/controllers/alchemy/base_controller_extension"
       end
     end
   end

data/lib/alchemy/devise/test_support/factories.rb

@@ -4,25 +4,25 @@ FactoryBot.define do
   factory :alchemy_user, class: Alchemy::User do
     sequence(:login) { |n| "john_#{n}.doe" }
     sequence(:email) { |n| "john_#{n}@doe.com" }
-    firstname { 'John' }
-    lastname { 'Doe' }
-    password { 's3cr3t' }
-    password_confirmation { 's3cr3t' }
+    firstname { "John" }
+    lastname { "Doe" }
+    password { "s3cr3t" }
+    password_confirmation { "s3cr3t" }
 
     factory :alchemy_admin_user do
-      alchemy_roles { 'admin' }
+      alchemy_roles { "admin" }
     end
 
     factory :alchemy_member_user do
-      alchemy_roles { 'member' }
+      alchemy_roles { "member" }
     end
 
     factory :alchemy_author_user do
-      alchemy_roles { 'author' }
+      alchemy_roles { "author" }
     end
 
     factory :alchemy_editor_user do
-      alchemy_roles { 'editor' }
+      alchemy_roles { "editor" }
     end
   end
 end

data/lib/alchemy/devise/version.rb

@@ -1,5 +1,5 @@
 module Alchemy
   module Devise
-    VERSION = "6.1.0"
+    VERSION = "6.3.0"
   end
 end

data/lib/alchemy/devise.rb

@@ -6,12 +6,12 @@ module Alchemy
   # === Default modules
   #
   #     [
-  #.      :database_authenticatable,
+  # .      :database_authenticatable,
   #       :trackable,
   #       :validatable,
   #       :timeoutable,
   #       :recoverable
-  #.    ]
+  # .    ]
   #
   # If you want to add additional modules into the Alchemy user class append
   # them to this collection in an initializer in your app.

data/lib/generators/alchemy/devise/install/install_generator.rb

@@ -3,18 +3,18 @@ module Alchemy
     module Generators
       class InstallGenerator < Rails::Generators::Base
         desc "Installs Alchemy Devise based authentication into your app."
-        source_root File.expand_path('templates', File.dirname(__FILE__))
+        source_root File.expand_path("templates", File.dirname(__FILE__))
 
         def copy_devise_config
-          template 'devise.rb.tt', 'config/initializers/devise.rb'
+          template "devise.rb.tt", "config/initializers/devise.rb"
         end
 
         def add_migrations
-          run 'bundle exec rake alchemy_devise:install:migrations'
+          run "bundle exec rake alchemy_devise:install:migrations"
         end
 
         def run_migrations
-          run 'bundle exec rake db:migrate'
+          run "bundle exec rake db:migrate"
         end
 
         def append_assets

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: alchemy-devise
 version: !ruby/object:Gem::Version
-  version: 6.1.0
+  version: 6.3.0
 platform: ruby
 authors:
 - Thomas von Deyen
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-01-20 00:00:00.000000000 Z
+date: 2023-07-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: alchemy_cms
@@ -16,7 +16,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 6.0.0
+        version: 6.1.0
     - - "<"
       - !ruby/object:Gem::Version
         version: '7'
@@ -26,7 +26,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 6.0.0
+        version: 6.1.0
     - - "<"
       - !ruby/object:Gem::Version
         version: '7'
@@ -112,14 +112,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 5.1.2
+        version: 6.0.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 5.1.2
+        version: 6.0.1
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
@@ -210,7 +210,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.26
+rubygems_version: 3.4.15
 signing_key:
 specification_version: 4
 summary: Devise based user authentication for AlchemyCMS.