devise-argon2 2.0.1 → 2.0.2

Sign up to get free protection for your applications and to get access to all the features.
Files changed (10) hide show
  1. checksums.yaml +4 -4
  2. data/.github/workflows/test.yml +49 -29
  3. data/CHANGELOG.md +12 -4
  4. data/Gemfile +6 -1
  5. data/lib/devise-argon2/model.rb +13 -2
  6. data/lib/devise-argon2/version.rb +1 -1
  7. data/spec/devise-argon2_spec.rb +9 -0
  8. data/spec/rails_app/config/application.rb +2 -0
  9. data/spec/rails_app/config/routes.rb +3 -0
  10. metadata +5 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: d036bff0c949c49457df0df4a4ac902d4ed0e65e84fd26f2940bfcc973b6bcc3
4
- data.tar.gz: 82024dfd476f476514c5548b4aac5a93c49ffffad6fe33252c153381d0b803c1
3
+ metadata.gz: 7542aed226ac27c831a5f6acdbb6011fe8b6632e83a60902341c4f44bad38b27
4
+ data.tar.gz: 63891613bb7343641df64221d56533f646543c8eb0c8b3f9fe32186a4f4c46df
5
5
  SHA512:
6
- metadata.gz: fb3857086fc9f31fd22bec613c3fe9e93534234036db242c49b1e5aae6ac9340611916e62ec92f84e67b8fafe97610b6d947c98df7846e62d91d9e550586689b
7
- data.tar.gz: b7e523688dab140c94d9aed10232a57a1dcb144b437073d8ec41952fe0595f8713215d5ed9658701927f50182d2cf49adb0fd7bc5792d21255edaf70ffa603f5
6
+ metadata.gz: 958d4df9feceff3bb4b28c85eed86f0072cd9914ba7f00cfdc26379def7af570647812fb72e14303b02ad435d4e8450d6cbc63b76a7b23380de1218828fac365
7
+ data.tar.gz: f639d484fe68ff7d39df88511a06c15b4518ddce58cf02057d39f99524aa5942af83427bb2268f66fe2facd36c30cb72477782f903d2d17e1dfd8f7e644a4fc7
data/.github/workflows/test.yml CHANGED
@@ -1,51 +1,70 @@
1
1
  name: Test suite
2
2
 
3
- on: [push, pull_request]
3
+ on: [push, pull_request, workflow_dispatch]
4
4
 
5
5
  jobs:
6
6
  test:
7
7
  runs-on: ubuntu-latest
8
8
  strategy:
9
9
  matrix:
10
- ruby-version: ['2.7', '3.0', '3.1', '3.2', 'ruby-head']
11
- rails-version: ['~> 7.0', '~> 6.1']
10
+ ruby-version: ['2.7', '3.0', '3.1', '3.2', '3.3']
11
+ rails-version: ['~> 6.1', '~> 7.0', '~> 7.1', '~> 7.2', '8.0.0.beta1']
12
12
  argon2-version: ['2.2', '2.3']
13
13
  orm:
14
14
  - adapter: active_record
15
15
  - adapter: mongoid
16
- mongoid-version: 8.1.2
16
+ mongoid-version: 9.0.2
17
17
  - adapter: mongoid
18
- mongoid-version: 8.0.6
18
+ mongoid-version: 8.1.6
19
+ - adapter: mongoid
20
+ mongoid-version: 8.0.8
19
21
  - adapter: mongoid
20
22
  mongoid-version: 7.5.4
21
- include:
22
- - rails-version: '~> 6.1'
23
- ruby-version: '3.1'
24
- argon2-version: '2.3'
25
- devise-version: '4.8'
26
- orm:
27
- adapter: active_record
28
- - rails-version: '~> 7.1'
23
+ exclude:
24
+ - rails-version: '~> 7.2'
25
+ ruby-version: '2.7'
26
+ - rails-version: '~> 7.2'
27
+ ruby-version: '3.0'
28
+ - rails-version: '8.0.0.beta1'
29
+ ruby-version: '2.7'
30
+ - rails-version: '8.0.0.beta1'
31
+ ruby-version: '3.0'
32
+ - rails-version: '8.0.0.beta1'
29
33
  ruby-version: '3.1'
30
- argon2-version: '2.3'
31
- devise-version: '4.9'
32
- orm:
33
- adapter: active_record
34
- - rails-version: '~> 7.1'
34
+ - orm:
35
+ adapter: mongoid
36
+ rails-version: '8.0.0.beta1'
37
+ - orm:
38
+ adapter: mongoid
39
+ mongoid-version: 8.0.8
40
+ ruby-version: '3.3'
41
+ - orm:
42
+ adapter: mongoid
43
+ mongoid-version: 8.0.8
35
44
  ruby-version: '3.2'
36
- argon2-version: '2.3'
37
- devise-version: '4.9'
38
- orm:
39
- adapter: active_record
40
- - rails-version: '~> 7.1'
41
- ruby-version: '3.1'
42
- argon2-version: '2.1'
43
- devise-version: '4.9'
44
- orm:
45
- adapter: active_record
45
+ - orm:
46
+ adapter: mongoid
47
+ mongoid-version: 7.5.4
48
+ ruby-version: '3.3'
49
+ - orm:
50
+ adapter: mongoid
51
+ mongoid-version: 7.5.4
52
+ ruby-version: '3.2'
53
+ - orm:
54
+ adapter: mongoid
55
+ mongoid-version: 8.0.8
56
+ rails-version: '~> 7.2'
57
+ - orm:
58
+ adapter: mongoid
59
+ mongoid-version: 7.5.4
60
+ rails-version: '~> 7.2'
61
+ - orm:
62
+ adapter: mongoid
63
+ mongoid-version: 7.5.4
64
+ rails-version: '~> 7.1'
46
65
  env:
47
66
  RAILS_VERSION: ${{ matrix.rails-version || '~> 7.0'}}
48
- MONGOID_VERSION: ${{ matrix.orm.mongoid-version || '8.1.2'}}
67
+ MONGOID_VERSION: ${{ matrix.orm.mongoid-version || '8.1.6'}}
49
68
  ORM: ${{ matrix.orm.adapter }}
50
69
  ARGON2_VERSION: ${{ matrix.argon2-version }}
51
70
  DEVISE_VERSION: ${{ matrix.devise-version || '~> 4.9' }}
@@ -56,6 +75,7 @@ jobs:
56
75
  with:
57
76
  ruby-version: ${{ matrix.ruby-version }}
58
77
  bundler-cache: true
78
+ cache-version: 1
59
79
  - uses: supercharge/mongodb-github-action@1.10.0
60
80
  if: ${{ matrix.orm.adapter == 'mongoid' }}
61
81
  - name: Setup rails test environment
data/CHANGELOG.md CHANGED
@@ -1,7 +1,15 @@
1
- # Changelog
1
+ # Changelog
2
2
 
3
3
  ## Unreleased
4
4
 
5
+ ## [2.0.2] - 2024-09-30
6
+
7
+ ### Changed
8
+ - When migrating users from v1 to v2, the `encrypted_password` update will no longer trigger callbacks (ie send email to users)
9
+
10
+ ### Added
11
+ - Tests for newer dependency versions
12
+
5
13
  ## [2.0.1] - 2023-10-18
6
14
 
7
15
  ### Added
@@ -19,12 +27,12 @@
19
27
  - Add support for migrating bcrypt hashes
20
28
  - Add tests for Mongoid
21
29
  - Add Changelog :)
22
-
30
+
23
31
  ### Changed
24
32
  - Change salting / peppering mechanism
25
33
  - Change CI from Travis to GitHub Actions
26
-
27
- ### Removed
34
+
35
+ ### Removed
28
36
  - Remove `devise-encryptable` dependency
29
37
  - Remove superflous dependency on devise `password_salt` column
30
38
 
data/Gemfile CHANGED
@@ -5,7 +5,6 @@ gemspec
5
5
  gem 'rspec'
6
6
  gem 'simplecov'
7
7
  gem 'activerecord'
8
- gem 'sqlite3'
9
8
  gem 'rails', ENV['RAILS_VERSION'] || '~> 7.0'
10
9
  gem 'argon2', ENV['ARGON2_VERSION'] || '~> 2.3'
11
10
  gem 'devise', ENV['DEVISE_VERSION'] || '~> 4.9'
@@ -13,3 +12,9 @@ gem 'devise', ENV['DEVISE_VERSION'] || '~> 4.9'
13
12
  if ENV['ORM'] == 'mongoid'
14
13
  gem 'mongoid', ENV['MONGOID_VERSION'] || '~> 7.5'
15
14
  end
15
+
16
+ if ENV['RAILS_VERSION'] == '8.0.0.beta1'
17
+ gem 'sqlite3', '~> 2.1'
18
+ else
19
+ gem 'sqlite3', '~> 1.6', '>= 1.6.6'
20
+ end
data/lib/devise-argon2/model.rb CHANGED
@@ -53,8 +53,19 @@ module Devise
53
53
  attributes = { encrypted_password: password_digest(password) }
54
54
  attributes[:password_salt] = nil if migrate_hash_from_devise_argon2_v1?
55
55
 
56
- self.assign_attributes(attributes)
57
- self.save if self.persisted?
56
+ if self.persisted?
57
+ update_without_callbacks(attributes)
58
+ else
59
+ self.assign_attributes(attributes)
60
+ end
61
+ end
62
+
63
+ def update_without_callbacks(attributes)
64
+ if defined?(Mongoid) && Mongoid.models.include?(self.class)
65
+ self.set(attributes)
66
+ else
67
+ self.update_columns(attributes)
68
+ end
58
69
  end
59
70
 
60
71
  def outdated_work_factors?
data/lib/devise-argon2/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  module Devise
2
2
  module Argon2
3
- ARGON2_VERSION = '2.0.1'
3
+ ARGON2_VERSION = '2.0.2'
4
4
  end
5
5
  end
data/spec/devise-argon2_spec.rb CHANGED
@@ -19,6 +19,7 @@ describe Devise::Models::Argon2 do
19
19
  p_cost: DEFAULT_P_COST
20
20
  }
21
21
  User.destroy_all
22
+ OldUser.destroy_all
22
23
  end
23
24
 
24
25
  def work_factors(hash)
@@ -127,6 +128,14 @@ describe Devise::Models::Argon2 do
127
128
  it 'does not update the hash if an invalid password is given' do
128
129
  expect{ user.valid_password?(INCORRECT_PASSWORD) }.not_to(change(user, :encrypted_password))
129
130
  end
131
+
132
+ it 'does not send password change notification emails on hash updates' do
133
+ user.email = 'test@example.com'
134
+ user.save!
135
+ Devise.send_password_change_notification = true
136
+ expect{ user.valid_password?(CORRECT_PASSWORD) }
137
+ .not_to(change { ActionMailer::Base.deliveries.count })
138
+ end
130
139
  end
131
140
 
132
141
  describe 'updating outdated work factors' do
data/spec/rails_app/config/application.rb CHANGED
@@ -20,5 +20,7 @@ module DummyRailsApp
20
20
  config.eager_load = false
21
21
  config.autoload_paths.reject!{ |p| p =~ /\/app\/(\w+)$/ && !%w(controllers helpers mailers views).include?($1) }
22
22
  config.autoload_paths += ["#{config.root}/app/#{ORM}"]
23
+ config.action_mailer.delivery_method = :test
24
+ config.action_mailer.default_options = { from: 'test@example.com' }
23
25
  end
24
26
  end
data/spec/rails_app/config/routes.rb ADDED
@@ -0,0 +1,3 @@
1
+ Rails.application.routes.draw do
2
+ devise_for :old_users
3
+ end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: devise-argon2
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.0.1
4
+ version: 2.0.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Tamas Erdos
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2023-10-19 00:00:00.000000000 Z
12
+ date: 2024-09-30 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: devise
@@ -78,6 +78,7 @@ files:
78
78
  - spec/rails_app/config/environment.rb
79
79
  - spec/rails_app/config/initializers/devise.rb
80
80
  - spec/rails_app/config/mongoid.yml
81
+ - spec/rails_app/config/routes.rb
81
82
  - spec/rails_app/db/migrate/20230617201921_devise_create_users.rb
82
83
  - spec/rails_app/db/migrate/20231004084147_devise_create_old_users.rb
83
84
  - spec/rails_app/db/schema.rb
@@ -102,7 +103,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
102
103
  - !ruby/object:Gem::Version
103
104
  version: '0'
104
105
  requirements: []
105
- rubygems_version: 3.3.3
106
+ rubygems_version: 3.4.22
106
107
  signing_key:
107
108
  specification_version: 4
108
109
  summary: Enables Devise to hash passwords with Argon2id
@@ -127,6 +128,7 @@ test_files:
127
128
  - spec/rails_app/config/environment.rb
128
129
  - spec/rails_app/config/initializers/devise.rb
129
130
  - spec/rails_app/config/mongoid.yml
131
+ - spec/rails_app/config/routes.rb
130
132
  - spec/rails_app/db/migrate/20230617201921_devise_create_users.rb
131
133
  - spec/rails_app/db/migrate/20231004084147_devise_create_old_users.rb
132
134
  - spec/rails_app/db/schema.rb