castle_devise 0.1.0 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c13e653cf7d00df4cdb2436431a031be5c4120d5e667ff2c5feb00effd374011
-  data.tar.gz: 8c4c4fafd623cda48e9f9c125c81cda8071ae81e7ec62cad74bc0476bd89c4ea
+  metadata.gz: 7cc0ef1100f1ceb942fa1be6553b6b7ca862656e3c7a6b9b57459285a69a46a7
+  data.tar.gz: 9222268f8c6e22fb367bbc0cc9a0ce52b5dc8854f8eefa0f2f34e2afaa4a92eb
 SHA512:
-  metadata.gz: 3066ab56d17f1d3097f4aecaa115162e0e9263016cd4dce602a0491d5071ad5fcb933871d6830147303ca859cd60e5c503cdd30dc23112e0b94c0337e4cabee2
-  data.tar.gz: b8c18958cc92790e26e4e222c8c7f34f4db8be72c1c55d54225ca23dd427bcad7082c1efe7208655dbe43c3d31840fbc4875797e53d7b074eef88e21d1a7d118
+  metadata.gz: b6a11b460114c2133776991e4cde4f11a9030e5b019ea0162712b070a72b9adbd50cfad1f866cf90a92b05f505464ded6d9727a474c22edd5f65a9ed6f4fb0d6
+  data.tar.gz: 292fe6b7dff6f11135c8e63b53ee4484cc8c1dd93dab449d58ef765b29935a8f4bbb925896bf4b4d06b21f1e44cc7ce748af8226287c832b9e8409026bc81c23

data/.github/workflows/specs.yml

@@ -1,25 +1,43 @@
 name: Specs
 
-on: [push,pull_request]
+on: [push]
 
 jobs:
   build:
     environment: tests
     runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby: ["2.6", "2.7", "3.0"]
+        rails: ["5.2", "6.0", "6.1"]
+        exclude:
+          - ruby: "3.0"
+            rails: "5.2"
+
     steps:
     - uses: actions/checkout@v2
-    - name: Set up Ruby
+    - name: Set up Ruby ${{ matrix.ruby }}
       uses: ruby/setup-ruby@v1
       with:
-        ruby-version: 2.6.5
-    - name: Run specs
+        ruby-version: ${{ matrix.ruby }}
+    - name: Install depenencies
+      env:
+        BUNDLE_GEMFILE: gemfiles/rails_${{ matrix.rails }}.gemfile
       run: |
-        gem install bundler -v 2.2.19
+        gem update --system
+        bundle config path vendor/bundle
         bundle install
-        bundle exec rake
+    - name: Run specs
       env:
+        BUNDLE_GEMFILE: gemfiles/rails_${{ matrix.rails }}.gemfile
         CASTLE_API_SECRET: ${{ secrets.CASTLE_API_SECRET }}
+      run: |
+        bundle exec rake
     - name: Simplecov Report
+      if:
+        ${{ matrix.rails == '6.1' && matrix.ruby >= '3.0' }}
       uses: aki77/simplecov-report-action@v1
       with:
         token: ${{ secrets.GITHUB_TOKEN }}

data/.gitignore

@@ -13,6 +13,12 @@
 # IntelliJ
 .idea/
 
+.bundle
+
+# We do want the CI builds to fail when new dependencies ship breaking changes
+# so don't checkin the lockfiles used for the build.
+gemfiles/*.lock
+
 vendor/
 
 spec/dummy_app/log/

data/.rspec

@@ -1,3 +1,3 @@
---format documentation
+--format progress
 --color
 --require spec_helper

data/Appraisals

@@ -0,0 +1,13 @@
+if RUBY_VERSION < "3.0"
+  appraise "rails-5.2" do
+    gem "railties", "~> 5.2.6"
+  end
+end
+
+appraise "rails-6.0" do
+  gem "railties", "~> 6.0.4"
+end
+
+appraise "rails-6.1" do
+  gem "railties", "~> 6.1.4"
+end

data/CHANGELOG.md

@@ -1,5 +1,18 @@
-## [Unreleased]
+# Changelog
 
-## [0.1.0] - 2021-06-11
+## [Unreleased][main]
+
+## [0.2.0] - 2021-08-12
+
+- Add Log action for $profile_update event with $succeeded and $failed statuses during reset password process
+- Add Risk action for $profile_update event with $attempted status and Log action for $profile_update event with $succeeded and $failed statuses
+- Add Log action for $password_reset_request event with $succeeded and $failed statuses
+- Run specs in multiple ruby and rails versions.
+
+## [0.1.0] - 2021-07-08
 
 - Initial release
+
+[main]: https://github.com/castle/castle_devise/compare/v0.2.0...HEAD
+[0.2.0]: https://github.com/castle/castle_devise/compare/v0.1.0...v0.2.0
+[0.1.0]: https://github.com/castle/castle_devise/releases/tag/v0.1.0

data/Gemfile

@@ -5,8 +5,10 @@ source "https://rubygems.org"
 # Specify your gem's dependencies in castle-devise.gemspec
 gemspec
 
+gem "actionmailer"
 gem "activerecord"
-gem "railties", "~> 5.2"
+gem "byebug"
+gem "railties", "~> 6.1"
 gem "rake"
 gem "rspec"
 gem "rspec-rails"

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    castle_devise (0.1.0)
+    castle_devise (0.2.0)
       activesupport (>= 5.0)
       castle-rb (>= 7.0, < 8.0)
       devise (>= 4.3.0, < 5.0)
@@ -9,36 +9,50 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    actionpack (5.2.6)
-      actionview (= 5.2.6)
-      activesupport (= 5.2.6)
-      rack (~> 2.0, >= 2.0.8)
+    actionmailer (6.1.4)
+      actionpack (= 6.1.4)
+      actionview (= 6.1.4)
+      activejob (= 6.1.4)
+      activesupport (= 6.1.4)
+      mail (~> 2.5, >= 2.5.4)
+      rails-dom-testing (~> 2.0)
+    actionpack (6.1.4)
+      actionview (= 6.1.4)
+      activesupport (= 6.1.4)
+      rack (~> 2.0, >= 2.0.9)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (5.2.6)
-      activesupport (= 5.2.6)
+      rails-html-sanitizer (~> 1.0, >= 1.2.0)
+    actionview (6.1.4)
+      activesupport (= 6.1.4)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.0.3)
-    activemodel (5.2.6)
-      activesupport (= 5.2.6)
-    activerecord (5.2.6)
-      activemodel (= 5.2.6)
-      activesupport (= 5.2.6)
-      arel (>= 9.0)
-    activesupport (5.2.6)
+      rails-html-sanitizer (~> 1.1, >= 1.2.0)
+    activejob (6.1.4)
+      activesupport (= 6.1.4)
+      globalid (>= 0.3.6)
+    activemodel (6.1.4)
+      activesupport (= 6.1.4)
+    activerecord (6.1.4)
+      activemodel (= 6.1.4)
+      activesupport (= 6.1.4)
+    activesupport (6.1.4)
       concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (>= 0.7, < 2)
-      minitest (~> 5.1)
-      tzinfo (~> 1.1)
-    addressable (2.7.0)
+      i18n (>= 1.6, < 2)
+      minitest (>= 5.1)
+      tzinfo (~> 2.0)
+      zeitwerk (~> 2.3)
+    addressable (2.8.0)
       public_suffix (>= 2.0.2, < 5.0)
-    arel (9.0.0)
+    appraisal (2.3.0)
+      bundler
+      rake
+      thor (>= 0.14.0)
     ast (2.4.2)
     bcrypt (3.1.16)
     builder (3.2.4)
+    byebug (11.1.3)
     castle-rb (7.1.1)
     concurrent-ruby (1.1.9)
     crack (0.4.5)
@@ -53,19 +67,24 @@ GEM
     diff-lcs (1.4.4)
     docile (1.4.0)
     erubi (1.10.0)
+    globalid (0.5.1)
+      activesupport (>= 5.0)
     hashdiff (1.0.1)
     i18n (1.8.10)
       concurrent-ruby (~> 1.0)
     loofah (2.10.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
+    mail (2.7.1)
+      mini_mime (>= 0.1.1)
     method_source (1.0.0)
+    mini_mime (1.1.0)
     minitest (5.14.4)
     nokogiri (1.11.7-x86_64-darwin)
       racc (~> 1.4)
     orm_adapter (0.5.0)
     parallel (1.20.1)
-    parser (3.0.1.1)
+    parser (3.0.2.0)
       ast (~> 2.4.1)
     public_suffix (4.0.6)
     racc (1.5.2)
@@ -77,14 +96,14 @@ GEM
       nokogiri (>= 1.6)
     rails-html-sanitizer (1.3.0)
       loofah (~> 2.3)
-    railties (5.2.6)
-      actionpack (= 5.2.6)
-      activesupport (= 5.2.6)
+    railties (6.1.4)
+      actionpack (= 6.1.4)
+      activesupport (= 6.1.4)
       method_source
-      rake (>= 0.8.7)
-      thor (>= 0.19.0, < 2.0)
+      rake (>= 0.13)
+      thor (~> 1.0)
     rainbow (3.0.0)
-    rake (13.0.3)
+    rake (13.0.6)
     regexp_parser (2.1.1)
     responders (3.0.1)
       actionpack (>= 5.0)
@@ -111,18 +130,18 @@ GEM
       rspec-mocks (~> 3.10)
       rspec-support (~> 3.10)
     rspec-support (3.10.2)
-    rubocop (1.14.0)
+    rubocop (1.18.4)
       parallel (~> 1.10)
       parser (>= 3.0.0.0)
       rainbow (>= 2.2.2, < 4.0)
       regexp_parser (>= 1.8, < 3.0)
       rexml
-      rubocop-ast (>= 1.5.0, < 2.0)
+      rubocop-ast (>= 1.8.0, < 2.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 1.4.0, < 3.0)
-    rubocop-ast (1.7.0)
+    rubocop-ast (1.8.0)
       parser (>= 3.0.1.1)
-    rubocop-performance (1.11.2)
+    rubocop-performance (1.11.4)
       rubocop (>= 1.7.0, < 2.0)
       rubocop-ast (>= 0.4.0)
     ruby-progressbar (1.11.0)
@@ -133,13 +152,12 @@ GEM
     simplecov-html (0.12.3)
     simplecov_json_formatter (0.1.3)
     sqlite3 (1.4.2)
-    standard (1.1.1)
-      rubocop (= 1.14.0)
-      rubocop-performance (= 1.11.2)
+    standard (1.1.6)
+      rubocop (= 1.18.4)
+      rubocop-performance (= 1.11.4)
     thor (1.1.0)
-    thread_safe (0.3.6)
-    tzinfo (1.2.9)
-      thread_safe (~> 0.1)
+    tzinfo (2.0.4)
+      concurrent-ruby (~> 1.0)
     unicode-display_width (2.0.0)
     vcr (6.0.0)
     warden (1.2.9)
@@ -148,14 +166,19 @@ GEM
       addressable (>= 2.3.6)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
+    zeitwerk (2.4.2)
 
 PLATFORMS
   x86_64-darwin-18
+  x86_64-darwin-19
 
 DEPENDENCIES
+  actionmailer
   activerecord
+  appraisal (~> 2.3.0)
+  byebug
   castle_devise!
-  railties (~> 5.2)
+  railties (~> 6.1)
   rake
   rspec
   rspec-rails
@@ -166,4 +189,4 @@ DEPENDENCIES
   webmock
 
 BUNDLED WITH
-   2.2.15
+   2.2.23

data/README.md

@@ -1,3 +1,5 @@
+[![Gem Version](https://badge.fury.io/rb/castle_devise.svg)](https://badge.fury.io/rb/castle_devise)
+
 **Disclaimer:** CastleDevise is currently in beta. There might be some upcoming breaking changes to the gem before we stabilize the API.
 
 --- 
@@ -9,6 +11,8 @@ CastleDevise is a [Devise](https://github.com/heartcombo/devise) plugin that int
 It currently provides the following features:
 - preventing bots from registration attacks using Castle's [Filter API](https://docs.castle.io/v1/reference/api-reference/#filter)
 - preventing ATO attacks using Castle's [Risk API](https://docs.castle.io/v1/reference/api-reference/#risk)
+- blocks attempts to update passwords for high-risk logged-in users
+- logs attempts of password reset flows so that you can see them on the Castle dashboard
 
 If you want to learn about all capabilities of Castle, please take a look at [our documentation](https://docs.castle.io/).
 
@@ -83,9 +87,19 @@ You're set! Now verify that everything works by logging in to your application a
 
 #### Further steps if you're using Webpacker
 
-Add `castle.js` to your package.json file.
+Add `castle.js` to your package.json file:
+
+```
+yarn add castle.js
+```
+
+Require castle.js in your application pack:
+
+```javascript
+require("castle.js");
 
-TODO: fill this in.
+_castle("setAppId", YOUR_APPLICATION_ID);
+```
 
 
 ## How-Tos
@@ -161,7 +175,10 @@ class User < ApplicationRecord
            before_registration: true,
            # set it to false to prevent CastleDevise from
            # sending risk($login) and log($login, $failed)
-           after_login: true
+           after_login: true,
+           # set it to false to prevent CastleDevise from
+           # sending log($password_reset_request)
+           after_password_reset_request: true
          }
 end
 ```

data/castle_devise.gemspec

@@ -11,7 +11,7 @@ Gem::Specification.new do |spec|
   spec.homepage = "https://github.com/castle/castle_devise"
   spec.required_ruby_version = Gem::Requirement.new(">= 2.5.0")
 
-  spec.authors = ["Kacper Madej", "Johan Brissmyr"]
+  spec.authors = ["Kacper Madej", "Dawid Libiszewski", "Johan Brissmyr"]
   spec.email = ["kacper@castle.io"]
 
   spec.metadata["homepage_uri"] = spec.homepage
@@ -27,9 +27,9 @@ Gem::Specification.new do |spec|
   spec.executables = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
 
-  # Uncomment to register a new dependency of your gem
-  spec.add_dependency "castle-rb", ">= 7.0", "< 8.0"
   spec.add_dependency "activesupport", ">= 5.0"
+  spec.add_dependency "castle-rb", ">= 7.0", "< 8.0"
+  spec.add_dependency "devise", ">= 4.3.0", "< 5.0"
 
-  spec.add_runtime_dependency "devise", ">= 4.3.0", "< 5.0"
+  spec.add_development_dependency "appraisal", "~> 2.3.0"
 end

data/gemfiles/rails_5.2.gemfile

@@ -0,0 +1,17 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "actionmailer"
+gem "activerecord"
+gem "railties", "~> 5.2.6"
+gem "rake"
+gem "rspec"
+gem "rspec-rails"
+gem "simplecov"
+gem "standard"
+gem "sqlite3"
+gem "vcr"
+gem "webmock"
+
+gemspec path: "../"

data/gemfiles/rails_6.0.gemfile

@@ -0,0 +1,17 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "actionmailer"
+gem "activerecord"
+gem "railties", "~> 6.0.4"
+gem "rake"
+gem "rspec"
+gem "rspec-rails"
+gem "simplecov"
+gem "standard"
+gem "sqlite3"
+gem "vcr"
+gem "webmock"
+
+gemspec path: "../"

data/gemfiles/rails_6.1.gemfile

@@ -0,0 +1,17 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "actionmailer"
+gem "activerecord"
+gem "railties", "~> 6.1.4"
+gem "rake"
+gem "rspec"
+gem "rspec-rails"
+gem "simplecov"
+gem "standard"
+gem "sqlite3"
+gem "vcr"
+gem "webmock"
+
+gemspec path: "../"

data/lib/castle_devise.rb

@@ -60,8 +60,8 @@ require_relative "castle_devise/controllers/helpers"
 require_relative "castle_devise/helpers/castle_helper"
 require_relative "castle_devise/hooks/castle_protectable"
 require_relative "castle_devise/models/castle_protectable"
+require_relative "castle_devise/patches/passwords_controller"
 require_relative "castle_devise/patches/registrations_controller"
-
 require_relative "castle_devise/rails"
 
 # Monkey patching Devise module in order to add
@@ -71,7 +71,9 @@ module Devise
   mattr_accessor :castle_hooks
   @@castle_hooks = {
     before_registration: true,
-    after_login: true
+    after_login: true,
+    after_password_reset_request: true,
+    profile_update: true
   }
 end
 

data/lib/castle_devise/models/castle_protectable.rb

@@ -10,7 +10,12 @@ module Devise
     #   castle_hooks: configures which events trigger Castle API calls
     #     {
     #       after_login: true, # trigger risk($login) and log($login, $failed),
-    #       before_registration: true # trigger filter($registration)
+    #       before_registration: true, # trigger filter($registration)
+    #       after_password_reset_request: true, # trigger log($password_reset_request, $succeeded)
+    #                                           # and log($password_reset_request, $failed)
+    #       profile_update: true # trigger risk($profile_update, $attempted),
+    #                            # log($profile_update, $succeeded)
+    #                            # and log($profile_update, $failed)
     #     }
     module CastleProtectable
       extend ActiveSupport::Concern

data/lib/castle_devise/patches.rb

@@ -6,7 +6,8 @@ module CastleDevise
       # Applies monkey-patches to Devise controllers
       # @api private
       def apply
-        Devise::RegistrationsController.send(:include, Patches::RegistrationsController)
+        Devise::RegistrationsController.send(:prepend, Patches::RegistrationsController)
+        Devise::PasswordsController.send(:prepend, Patches::PasswordsController)
       end
     end
   end

data/lib/castle_devise/patches/passwords_controller.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+module CastleDevise
+  module Patches
+    # Monkey-patch for
+    # {https://github.com/heartcombo/devise/blob/master/app/controllers/devise/passwords_controller.rb Devise::PasswordsController}
+    # which includes Castle to the password reset requests flow.
+    module PasswordsController
+      extend ActiveSupport::Concern
+
+      # PUT /resource/password
+      # @note Notice, this must happen within a block because before calling
+      #   "reset_password_by_token" method we don't know what resource we operate on.
+      def update
+        super do |resource|
+          next unless resource_class.castle_hooks[:profile_update]
+
+          begin
+            CastleDevise.sdk_facade.log(
+              event: "$profile_update",
+              status: resource.errors.empty? ? "$succeeded" : "$failed",
+              context: CastleDevise::Context.from_rack_env(request.env, scope_name, resource)
+            )
+          rescue Castle::Error => e
+            # log API errors and pass-through it
+            CastleDevise.logger.error("[CastleDevise] log($password_reset_request): #{e}")
+          end
+        end
+      end
+
+      # POST /resource/password
+      def create
+        super do |resource|
+          next unless resource_class.castle_hooks[:after_password_reset_request]
+
+          begin
+            CastleDevise.sdk_facade.log(
+              event: "$password_reset_request",
+              status: resource.persisted? ? "$succeeded" : "$failed",
+              context: CastleDevise::Context.from_rack_env(request.env, scope_name, resource)
+            )
+          rescue Castle::Error => e
+            # log API errors and pass-through it
+            CastleDevise.logger.error("[CastleDevise] log($password_reset_request): #{e}")
+          end
+        end
+      end
+    end
+  end
+end

data/lib/castle_devise/patches/registrations_controller.rb

@@ -8,8 +8,56 @@ module CastleDevise
     module RegistrationsController
       extend ActiveSupport::Concern
 
-      included do
-        before_action :castle_filter, only: :create
+      # @param klass [self]
+      def self.prepended(klass)
+        klass.class_eval do
+          before_action :castle_filter, only: :create
+        end
+      end
+
+      # PUT /resource
+      def update
+        context = CastleDevise::Context.from_rack_env(request.env, scope_name, resource)
+
+        if resource_class.castle_hooks[:profile_update]
+          begin
+            # TODO: Implement a verification mechanism for this action.
+            CastleDevise.sdk_facade.risk(
+              event: "$profile_update",
+              status: "$attempted",
+              context: context
+            )
+          rescue Castle::InvalidParametersError
+            # TODO: We should act differently if the error is about missing/invalid request token
+            #   compared to any other validation errors. However, we can't do this with the
+            #   current Castle SDK as it doesn't give us any way to differentiate these two cases.
+            CastleDevise.logger.warn(
+              "[CastleDevise] /v1/risk request contained invalid parameters." \
+              " This might mean that either you didn't configure Castle's Javascript properly," \
+              " or a request has been made without Javascript (eg. cURL/bot)." \
+              " Such a request is treated as if Castle responded with a 'deny' action in" \
+              " non-monitoring mode."
+            )
+          rescue Castle::Error => e
+            # log API errors and allow
+            CastleDevise.logger.error("[CastleDevise] risk($profile_update): #{e}")
+          end
+        end
+
+        super do |resource|
+          next unless resource_class.castle_hooks[:profile_update]
+
+          begin
+            CastleDevise.sdk_facade.log(
+              event: "$profile_update",
+              status: resource.saved_changes? ? "$succeeded" : "$failed",
+              context: context
+            )
+          rescue Castle::Error => e
+            # log API errors and pass-through it
+            CastleDevise.logger.error("[CastleDevise] log($password_reset_request): #{e}")
+          end
+        end
       end
 
       # Sends a /v1/filter request to Castle
@@ -40,7 +88,8 @@ module CastleDevise
           "[CastleDevise] /v1/filter request contained invalid parameters." \
           " This might mean that either you didn't configure Castle's Javascript properly, or" \
           " a request has been made without Javascript (eg. cURL/bot)." \
-          " Such a request is treated as if Castle responded with a 'deny' action in non-monitoring mode."
+          " Such a request is treated as if Castle responded with a 'deny' action in" \
+          " non-monitoring mode."
         )
 
         unless CastleDevise.monitoring_mode?

data/lib/castle_devise/sdk_facade.rb

@@ -37,13 +37,14 @@ module CastleDevise
 
     # Sends request to the /v1/risk endpoint.
     # @param event [String]
+    # @param status [String]
     # @param context [CastleDevise::Context]
     # @return [Hash] Raw API response
     # @see https://docs.castle.io/v1/reference/api-reference/#v1risk
-    def risk(event:, context:)
+    def risk(event:, context:, status: "$succeeded")
       payload = {
         event: event,
-        status: "$succeeded",
+        status: status,
         user: {
           id: context.castle_id,
           email: context.email,
@@ -68,15 +69,25 @@ module CastleDevise
     # @return [Hash] Raw API response
     # @see https://docs.castle.io/v1/reference/api-reference/#v1log
     def log(event:, status:, context:)
-      payload = {
-        event: event,
-        status: status,
-        user: {
+      return if context.castle_id.blank? && context.email.blank?
+
+      user = if context.castle_id
+        {
           id: context.castle_id,
           email: context.email,
           registered_at: format_time(context.registered_at),
           traits: context.user_traits
-        }.compact,
+        }
+      else
+        {
+          email: context.email
+        }
+      end
+
+      payload = {
+        event: event,
+        status: status,
+        user: user,
         context: payload_context(context.rack_request)
       }
 

data/lib/castle_devise/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module CastleDevise
-  VERSION = "0.1.0"
+  VERSION = "0.2.0"
 end

metadata

@@ -1,50 +1,51 @@
 --- !ruby/object:Gem::Specification
 name: castle_devise
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors:
 - Kacper Madej
+- Dawid Libiszewski
 - Johan Brissmyr
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-07-08 00:00:00.000000000 Z
+date: 2021-08-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: castle-rb
+  name: activesupport
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '7.0'
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '8.0'
+        version: '5.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '7.0'
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '8.0'
+        version: '5.0'
 - !ruby/object:Gem::Dependency
-  name: activesupport
+  name: castle-rb
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '5.0'
+        version: '7.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '8.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '5.0'
+        version: '7.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '8.0'
 - !ruby/object:Gem::Dependency
   name: devise
   requirement: !ruby/object:Gem::Requirement
@@ -65,6 +66,20 @@ dependencies:
     - - "<"
       - !ruby/object:Gem::Version
         version: '5.0'
+- !ruby/object:Gem::Dependency
+  name: appraisal
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.3.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.3.0
 description: castle_devise provides out-of-the-box protection against bot registrations
   and account takeover attacks.
 email:
@@ -77,6 +92,7 @@ files:
 - ".github/workflows/specs.yml"
 - ".gitignore"
 - ".rspec"
+- Appraisals
 - CHANGELOG.md
 - Gemfile
 - Gemfile.lock
@@ -86,6 +102,9 @@ files:
 - bin/console
 - bin/setup
 - castle_devise.gemspec
+- gemfiles/rails_5.2.gemfile
+- gemfiles/rails_6.0.gemfile
+- gemfiles/rails_6.1.gemfile
 - lib/castle_devise.rb
 - lib/castle_devise/configuration.rb
 - lib/castle_devise/context.rb
@@ -94,6 +113,7 @@ files:
 - lib/castle_devise/hooks/castle_protectable.rb
 - lib/castle_devise/models/castle_protectable.rb
 - lib/castle_devise/patches.rb
+- lib/castle_devise/patches/passwords_controller.rb
 - lib/castle_devise/patches/registrations_controller.rb
 - lib/castle_devise/rails.rb
 - lib/castle_devise/sdk_facade.rb