devise-argon2 2.0.1 → 2.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d036bff0c949c49457df0df4a4ac902d4ed0e65e84fd26f2940bfcc973b6bcc3
-  data.tar.gz: 82024dfd476f476514c5548b4aac5a93c49ffffad6fe33252c153381d0b803c1
+  metadata.gz: 7542aed226ac27c831a5f6acdbb6011fe8b6632e83a60902341c4f44bad38b27
+  data.tar.gz: 63891613bb7343641df64221d56533f646543c8eb0c8b3f9fe32186a4f4c46df
 SHA512:
-  metadata.gz: fb3857086fc9f31fd22bec613c3fe9e93534234036db242c49b1e5aae6ac9340611916e62ec92f84e67b8fafe97610b6d947c98df7846e62d91d9e550586689b
-  data.tar.gz: b7e523688dab140c94d9aed10232a57a1dcb144b437073d8ec41952fe0595f8713215d5ed9658701927f50182d2cf49adb0fd7bc5792d21255edaf70ffa603f5
+  metadata.gz: 958d4df9feceff3bb4b28c85eed86f0072cd9914ba7f00cfdc26379def7af570647812fb72e14303b02ad435d4e8450d6cbc63b76a7b23380de1218828fac365
+  data.tar.gz: f639d484fe68ff7d39df88511a06c15b4518ddce58cf02057d39f99524aa5942af83427bb2268f66fe2facd36c30cb72477782f903d2d17e1dfd8f7e644a4fc7

data/.github/workflows/test.yml

@@ -1,51 +1,70 @@
 name: Test suite
 
-on: [push, pull_request]
+on: [push, pull_request, workflow_dispatch]
 
 jobs:
   test:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        ruby-version: ['2.7', '3.0', '3.1', '3.2', 'ruby-head']
-        rails-version: ['~> 7.0', '~> 6.1']
+        ruby-version: ['2.7', '3.0', '3.1', '3.2', '3.3']
+        rails-version: ['~> 6.1', '~> 7.0', '~> 7.1', '~> 7.2', '8.0.0.beta1']
         argon2-version: ['2.2', '2.3']
         orm:
           - adapter: active_record
           - adapter: mongoid
-            mongoid-version: 8.1.2
+            mongoid-version: 9.0.2
           - adapter: mongoid
-            mongoid-version: 8.0.6
+            mongoid-version: 8.1.6
+          - adapter: mongoid
+            mongoid-version: 8.0.8
           - adapter: mongoid
             mongoid-version: 7.5.4
-        include:
-          - rails-version: '~> 6.1'
-            ruby-version: '3.1'
-            argon2-version: '2.3'
-            devise-version: '4.8'
-            orm:
-              adapter: active_record
-          - rails-version: '~> 7.1'
+        exclude:
+          - rails-version: '~> 7.2'
+            ruby-version: '2.7'
+          - rails-version: '~> 7.2'
+            ruby-version: '3.0'
+          - rails-version: '8.0.0.beta1'
+            ruby-version: '2.7'
+          - rails-version: '8.0.0.beta1'
+            ruby-version: '3.0'
+          - rails-version: '8.0.0.beta1'
             ruby-version: '3.1'
-            argon2-version: '2.3'
-            devise-version: '4.9'
-            orm:
-              adapter: active_record
-          - rails-version: '~> 7.1'
+          - orm:
+              adapter: mongoid
+            rails-version: '8.0.0.beta1'
+          - orm:
+              adapter: mongoid
+              mongoid-version: 8.0.8
+            ruby-version: '3.3'
+          - orm:
+              adapter: mongoid
+              mongoid-version: 8.0.8
             ruby-version: '3.2'
-            argon2-version: '2.3'
-            devise-version: '4.9'
-            orm:
-              adapter: active_record
-          - rails-version: '~> 7.1'
-            ruby-version: '3.1'
-            argon2-version: '2.1'
-            devise-version: '4.9'
-            orm:
-              adapter: active_record
+          - orm:
+              adapter: mongoid
+              mongoid-version: 7.5.4
+            ruby-version: '3.3'
+          - orm:
+              adapter: mongoid
+              mongoid-version: 7.5.4
+            ruby-version: '3.2'
+          - orm:
+              adapter: mongoid
+              mongoid-version: 8.0.8
+            rails-version: '~> 7.2'
+          - orm:
+              adapter: mongoid
+              mongoid-version: 7.5.4
+            rails-version: '~> 7.2'
+          - orm:
+              adapter: mongoid
+              mongoid-version: 7.5.4
+            rails-version: '~> 7.1'
     env:
       RAILS_VERSION: ${{ matrix.rails-version  || '~> 7.0'}}
-      MONGOID_VERSION: ${{ matrix.orm.mongoid-version || '8.1.2'}}
+      MONGOID_VERSION: ${{ matrix.orm.mongoid-version || '8.1.6'}}
       ORM: ${{ matrix.orm.adapter }}
       ARGON2_VERSION: ${{ matrix.argon2-version }}
       DEVISE_VERSION: ${{ matrix.devise-version || '~> 4.9' }}
@@ -56,6 +75,7 @@ jobs:
       with:
         ruby-version: ${{ matrix.ruby-version }}
         bundler-cache: true
+        cache-version: 1
     - uses: supercharge/mongodb-github-action@1.10.0
       if: ${{ matrix.orm.adapter == 'mongoid' }}
     - name: Setup rails test environment

data/CHANGELOG.md

@@ -1,7 +1,15 @@
-# Changelog 
+# Changelog
 
 ## Unreleased
 
+## [2.0.2] - 2024-09-30
+
+### Changed
+- When migrating users from v1 to v2, the `encrypted_password` update will no longer trigger callbacks (ie send email to users)
+
+### Added
+- Tests for newer dependency versions
+
 ## [2.0.1] - 2023-10-18
 
 ### Added
@@ -19,12 +27,12 @@
 - Add support for migrating bcrypt hashes
 - Add tests for Mongoid
 - Add Changelog :)
- 
+
 ### Changed
 - Change salting / peppering mechanism
 - Change CI from Travis to GitHub Actions
- 
-### Removed 
+
+### Removed
 - Remove `devise-encryptable` dependency
 - Remove superflous dependency on devise `password_salt` column
 

data/Gemfile

@@ -5,7 +5,6 @@ gemspec
 gem 'rspec'
 gem 'simplecov'
 gem 'activerecord'
-gem 'sqlite3'
 gem 'rails', ENV['RAILS_VERSION'] || '~> 7.0'
 gem 'argon2', ENV['ARGON2_VERSION'] || '~> 2.3'
 gem 'devise', ENV['DEVISE_VERSION'] || '~> 4.9'
@@ -13,3 +12,9 @@ gem 'devise', ENV['DEVISE_VERSION'] || '~> 4.9'
 if ENV['ORM'] == 'mongoid'
   gem 'mongoid', ENV['MONGOID_VERSION'] || '~> 7.5'
 end
+
+if ENV['RAILS_VERSION'] == '8.0.0.beta1'
+  gem 'sqlite3', '~> 2.1'
+else
+  gem 'sqlite3', '~> 1.6', '>= 1.6.6'
+end

data/lib/devise-argon2/model.rb

@@ -53,8 +53,19 @@ module Devise
         attributes = { encrypted_password: password_digest(password) }
         attributes[:password_salt] = nil if migrate_hash_from_devise_argon2_v1?
 
-        self.assign_attributes(attributes)
-        self.save if self.persisted?
+        if self.persisted?
+          update_without_callbacks(attributes)
+        else
+          self.assign_attributes(attributes)
+        end
+      end
+
+      def update_without_callbacks(attributes)
+        if defined?(Mongoid) && Mongoid.models.include?(self.class)
+          self.set(attributes)
+        else
+          self.update_columns(attributes)
+        end
       end
 
       def outdated_work_factors?

data/lib/devise-argon2/version.rb

@@ -1,5 +1,5 @@
 module Devise
   module Argon2
-    ARGON2_VERSION = '2.0.1'
+    ARGON2_VERSION = '2.0.2'
   end
 end

data/spec/devise-argon2_spec.rb

@@ -19,6 +19,7 @@ describe Devise::Models::Argon2 do
       p_cost: DEFAULT_P_COST
     }
     User.destroy_all
+    OldUser.destroy_all
   end
 
   def work_factors(hash)
@@ -127,6 +128,14 @@ describe Devise::Models::Argon2 do
       it 'does not update the hash if an invalid password is given' do
         expect{ user.valid_password?(INCORRECT_PASSWORD) }.not_to(change(user, :encrypted_password))
       end
+
+      it 'does not send password change notification emails on hash updates' do
+        user.email = 'test@example.com'
+        user.save!
+        Devise.send_password_change_notification = true
+        expect{ user.valid_password?(CORRECT_PASSWORD) }
+          .not_to(change { ActionMailer::Base.deliveries.count })
+      end
     end
 
     describe 'updating outdated work factors' do

data/spec/rails_app/config/application.rb

@@ -20,5 +20,7 @@ module DummyRailsApp
     config.eager_load = false
     config.autoload_paths.reject!{ |p| p =~ /\/app\/(\w+)$/ && !%w(controllers helpers mailers views).include?($1) }
     config.autoload_paths += ["#{config.root}/app/#{ORM}"]
+    config.action_mailer.delivery_method = :test
+    config.action_mailer.default_options = { from: 'test@example.com' }
   end
 end

data/spec/rails_app/config/routes.rb

@@ -0,0 +1,3 @@
+Rails.application.routes.draw do
+  devise_for :old_users
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: devise-argon2
 version: !ruby/object:Gem::Version
-  version: 2.0.1
+  version: 2.0.2
 platform: ruby
 authors:
 - Tamas Erdos
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-10-19 00:00:00.000000000 Z
+date: 2024-09-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: devise
@@ -78,6 +78,7 @@ files:
 - spec/rails_app/config/environment.rb
 - spec/rails_app/config/initializers/devise.rb
 - spec/rails_app/config/mongoid.yml
+- spec/rails_app/config/routes.rb
 - spec/rails_app/db/migrate/20230617201921_devise_create_users.rb
 - spec/rails_app/db/migrate/20231004084147_devise_create_old_users.rb
 - spec/rails_app/db/schema.rb
@@ -102,7 +103,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.3
+rubygems_version: 3.4.22
 signing_key: 
 specification_version: 4
 summary: Enables Devise to hash passwords with Argon2id
@@ -127,6 +128,7 @@ test_files:
 - spec/rails_app/config/environment.rb
 - spec/rails_app/config/initializers/devise.rb
 - spec/rails_app/config/mongoid.yml
+- spec/rails_app/config/routes.rb
 - spec/rails_app/db/migrate/20230617201921_devise_create_users.rb
 - spec/rails_app/db/migrate/20231004084147_devise_create_old_users.rb
 - spec/rails_app/db/schema.rb