devise-argon2 2.0.1 → 2.0.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/workflows/test.yml +65 -30
- data/.gitignore +2 -1
- data/CHANGELOG.md +17 -4
- data/Gemfile +12 -2
- data/lib/devise-argon2/model.rb +18 -2
- data/lib/devise-argon2/version.rb +1 -1
- data/spec/devise-argon2_spec.rb +43 -0
- data/spec/rails_app/app/active_record/old_user.rb +1 -1
- data/spec/rails_app/app/active_record/user.rb +1 -1
- data/spec/rails_app/app/mongoid/old_user.rb +1 -1
- data/spec/rails_app/app/mongoid/user.rb +1 -1
- data/spec/rails_app/config/application.rb +2 -0
- data/spec/rails_app/config/routes.rb +3 -0
- data/spec/rails_app/db/migrate/20250319085725_add_recoverable_fields_to_users.rb +6 -0
- data/spec/rails_app/db/migrate/20250319085738_add_recoverable_fields_to_old_users.rb +6 -0
- data/spec/rails_app/db/schema.rb +5 -2
- metadata +9 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4d16c11636eaa7c98ef99536fdb71ed654c7ec37d9fbc9c1b16fa9da33b0a462
|
|
4
|
+
data.tar.gz: 208892689f1d8702ac262b4bd40dda7631102932c88d90b0be3e79290999ea0e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 305e754064c5b079e9a96fc921c3907b712514b42f1ce63cc58e19e3f55c1008ba6ca5b85ea3bbd272e71cfe3219321a5966168529f50a440d544afde385c3ad
|
|
7
|
+
data.tar.gz: '0292c12e1fef0d399574181f76bc10b33b73fc122a579de94446f7f633e0ff597e4395f52c65e611dfedb6d7494c817835ffbd63aa4a757f408de793bfd55005'
|
data/.github/workflows/test.yml
CHANGED
|
@@ -1,61 +1,96 @@
|
|
|
1
1
|
name: Test suite
|
|
2
2
|
|
|
3
|
-
on: [push, pull_request]
|
|
3
|
+
on: [push, pull_request, workflow_dispatch]
|
|
4
4
|
|
|
5
5
|
jobs:
|
|
6
6
|
test:
|
|
7
7
|
runs-on: ubuntu-latest
|
|
8
8
|
strategy:
|
|
9
9
|
matrix:
|
|
10
|
-
ruby-version: ['2.7', '3.0', '3.1', '3.2', '
|
|
11
|
-
rails-version: ['~> 7.0', '~>
|
|
10
|
+
ruby-version: ['2.7', '3.0', '3.1', '3.2', '3.3', '3.4']
|
|
11
|
+
rails-version: ['~> 6.1', '~> 7.0', '~> 7.1', '~> 7.2', '~> 8.0']
|
|
12
12
|
argon2-version: ['2.2', '2.3']
|
|
13
13
|
orm:
|
|
14
14
|
- adapter: active_record
|
|
15
15
|
- adapter: mongoid
|
|
16
|
-
mongoid-version:
|
|
16
|
+
mongoid-version: 9.0.2
|
|
17
17
|
- adapter: mongoid
|
|
18
|
-
mongoid-version: 8.
|
|
18
|
+
mongoid-version: 8.1.6
|
|
19
|
+
- adapter: mongoid
|
|
20
|
+
mongoid-version: 8.0.8
|
|
19
21
|
- adapter: mongoid
|
|
20
22
|
mongoid-version: 7.5.4
|
|
21
|
-
|
|
22
|
-
- rails-version: '~>
|
|
23
|
+
exclude:
|
|
24
|
+
- rails-version: '~> 7.2'
|
|
25
|
+
ruby-version: '2.7'
|
|
26
|
+
- rails-version: '~> 7.2'
|
|
27
|
+
ruby-version: '3.0'
|
|
28
|
+
- rails-version: '~> 8.0'
|
|
29
|
+
ruby-version: '2.7'
|
|
30
|
+
- rails-version: '~> 8.0'
|
|
31
|
+
ruby-version: '3.0'
|
|
32
|
+
- rails-version: '~> 8.0'
|
|
23
33
|
ruby-version: '3.1'
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
adapter:
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
34
|
+
- rails-version: '~> 6.1'
|
|
35
|
+
ruby-version: '3.4'
|
|
36
|
+
- orm:
|
|
37
|
+
adapter: mongoid
|
|
38
|
+
rails-version: '~> 8.0'
|
|
39
|
+
- orm:
|
|
40
|
+
adapter: mongoid
|
|
41
|
+
mongoid-version: 8.0.8
|
|
42
|
+
ruby-version: '3.3'
|
|
43
|
+
- orm:
|
|
44
|
+
adapter: mongoid
|
|
45
|
+
mongoid-version: 8.0.8
|
|
46
|
+
ruby-version: '3.4'
|
|
47
|
+
- orm:
|
|
48
|
+
adapter: mongoid
|
|
49
|
+
mongoid-version: 8.0.8
|
|
35
50
|
ruby-version: '3.2'
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
adapter:
|
|
51
|
+
- orm:
|
|
52
|
+
adapter: mongoid
|
|
53
|
+
mongoid-version: 7.5.4
|
|
54
|
+
ruby-version: '3.3'
|
|
55
|
+
- orm:
|
|
56
|
+
adapter: mongoid
|
|
57
|
+
mongoid-version: 7.5.4
|
|
58
|
+
ruby-version: '3.4'
|
|
59
|
+
- orm:
|
|
60
|
+
adapter: mongoid
|
|
61
|
+
mongoid-version: 7.5.4
|
|
62
|
+
ruby-version: '3.2'
|
|
63
|
+
- orm:
|
|
64
|
+
adapter: mongoid
|
|
65
|
+
mongoid-version: 8.0.8
|
|
66
|
+
rails-version: '~> 7.2'
|
|
67
|
+
- orm:
|
|
68
|
+
adapter: mongoid
|
|
69
|
+
mongoid-version: 7.5.4
|
|
70
|
+
rails-version: '~> 7.2'
|
|
71
|
+
- orm:
|
|
72
|
+
adapter: mongoid
|
|
73
|
+
mongoid-version: 7.5.4
|
|
74
|
+
rails-version: '~> 7.1'
|
|
46
75
|
env:
|
|
47
|
-
RAILS_VERSION: ${{ matrix.rails-version || '~>
|
|
48
|
-
MONGOID_VERSION: ${{ matrix.orm.mongoid-version || '8.1.
|
|
76
|
+
RAILS_VERSION: ${{ matrix.rails-version || '~> 8.0'}}
|
|
77
|
+
MONGOID_VERSION: ${{ matrix.orm.mongoid-version || '8.1.6'}}
|
|
49
78
|
ORM: ${{ matrix.orm.adapter }}
|
|
50
79
|
ARGON2_VERSION: ${{ matrix.argon2-version }}
|
|
51
80
|
DEVISE_VERSION: ${{ matrix.devise-version || '~> 4.9' }}
|
|
52
81
|
steps:
|
|
82
|
+
- name: Login to Docker Hub
|
|
83
|
+
uses: docker/login-action@v3
|
|
84
|
+
with:
|
|
85
|
+
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
|
86
|
+
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
|
53
87
|
- uses: actions/checkout@v4
|
|
54
88
|
- name: Set up Ruby ${{ matrix.ruby-version }}
|
|
55
89
|
uses: ruby/setup-ruby@v1
|
|
56
90
|
with:
|
|
57
91
|
ruby-version: ${{ matrix.ruby-version }}
|
|
58
92
|
bundler-cache: true
|
|
93
|
+
cache-version: 1
|
|
59
94
|
- uses: supercharge/mongodb-github-action@1.10.0
|
|
60
95
|
if: ${{ matrix.orm.adapter == 'mongoid' }}
|
|
61
96
|
- name: Setup rails test environment
|
data/.gitignore
CHANGED
data/CHANGELOG.md
CHANGED
|
@@ -1,7 +1,20 @@
|
|
|
1
|
-
# Changelog
|
|
1
|
+
# Changelog
|
|
2
2
|
|
|
3
3
|
## Unreleased
|
|
4
4
|
|
|
5
|
+
## [2.0.3] - 2025-03-23
|
|
6
|
+
|
|
7
|
+
### Fixed
|
|
8
|
+
- Fix bug where users would not be migrated from v1 when setting a password manually. (#21)
|
|
9
|
+
|
|
10
|
+
## [2.0.2] - 2024-09-30
|
|
11
|
+
|
|
12
|
+
### Changed
|
|
13
|
+
- When migrating users from v1 to v2, the `encrypted_password` update will no longer trigger callbacks (ie send email to users)
|
|
14
|
+
|
|
15
|
+
### Added
|
|
16
|
+
- Tests for newer dependency versions
|
|
17
|
+
|
|
5
18
|
## [2.0.1] - 2023-10-18
|
|
6
19
|
|
|
7
20
|
### Added
|
|
@@ -19,12 +32,12 @@
|
|
|
19
32
|
- Add support for migrating bcrypt hashes
|
|
20
33
|
- Add tests for Mongoid
|
|
21
34
|
- Add Changelog :)
|
|
22
|
-
|
|
35
|
+
|
|
23
36
|
### Changed
|
|
24
37
|
- Change salting / peppering mechanism
|
|
25
38
|
- Change CI from Travis to GitHub Actions
|
|
26
|
-
|
|
27
|
-
### Removed
|
|
39
|
+
|
|
40
|
+
### Removed
|
|
28
41
|
- Remove `devise-encryptable` dependency
|
|
29
42
|
- Remove superflous dependency on devise `password_salt` column
|
|
30
43
|
|
data/Gemfile
CHANGED
|
@@ -5,11 +5,21 @@ gemspec
|
|
|
5
5
|
gem 'rspec'
|
|
6
6
|
gem 'simplecov'
|
|
7
7
|
gem 'activerecord'
|
|
8
|
-
gem '
|
|
9
|
-
gem 'rails', ENV['RAILS_VERSION'] || '~> 7.0'
|
|
8
|
+
gem 'rails', ENV['RAILS_VERSION'] || '~> 8.0'
|
|
10
9
|
gem 'argon2', ENV['ARGON2_VERSION'] || '~> 2.3'
|
|
11
10
|
gem 'devise', ENV['DEVISE_VERSION'] || '~> 4.9'
|
|
12
11
|
|
|
13
12
|
if ENV['ORM'] == 'mongoid'
|
|
14
13
|
gem 'mongoid', ENV['MONGOID_VERSION'] || '~> 7.5'
|
|
15
14
|
end
|
|
15
|
+
|
|
16
|
+
if ENV['RAILS_VERSION'] == '~> 8.0'
|
|
17
|
+
gem 'sqlite3', '~> 2.1'
|
|
18
|
+
else
|
|
19
|
+
gem 'sqlite3', '~> 1.6', '>= 1.6.6'
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
if ['~> 6.1', '~> 7.0'].include? ENV['RAILS_VERSION']
|
|
23
|
+
gem 'concurrent-ruby', '1.3.4'
|
|
24
|
+
end
|
|
25
|
+
|
data/lib/devise-argon2/model.rb
CHANGED
|
@@ -38,6 +38,11 @@ module Devise
|
|
|
38
38
|
is_valid
|
|
39
39
|
end
|
|
40
40
|
|
|
41
|
+
def password=(new_password)
|
|
42
|
+
self.password_salt = nil if migrate_hash_from_devise_argon2_v1?
|
|
43
|
+
super
|
|
44
|
+
end
|
|
45
|
+
|
|
41
46
|
protected
|
|
42
47
|
|
|
43
48
|
def password_digest(password)
|
|
@@ -53,8 +58,19 @@ module Devise
|
|
|
53
58
|
attributes = { encrypted_password: password_digest(password) }
|
|
54
59
|
attributes[:password_salt] = nil if migrate_hash_from_devise_argon2_v1?
|
|
55
60
|
|
|
56
|
-
self.
|
|
57
|
-
|
|
61
|
+
if self.persisted?
|
|
62
|
+
update_without_callbacks(attributes)
|
|
63
|
+
else
|
|
64
|
+
self.assign_attributes(attributes)
|
|
65
|
+
end
|
|
66
|
+
end
|
|
67
|
+
|
|
68
|
+
def update_without_callbacks(attributes)
|
|
69
|
+
if defined?(Mongoid) && Mongoid.models.include?(self.class)
|
|
70
|
+
self.set(attributes)
|
|
71
|
+
else
|
|
72
|
+
self.update_columns(attributes)
|
|
73
|
+
end
|
|
58
74
|
end
|
|
59
75
|
|
|
60
76
|
def outdated_work_factors?
|
data/spec/devise-argon2_spec.rb
CHANGED
|
@@ -19,6 +19,7 @@ describe Devise::Models::Argon2 do
|
|
|
19
19
|
p_cost: DEFAULT_P_COST
|
|
20
20
|
}
|
|
21
21
|
User.destroy_all
|
|
22
|
+
OldUser.destroy_all
|
|
22
23
|
end
|
|
23
24
|
|
|
24
25
|
def work_factors(hash)
|
|
@@ -127,6 +128,14 @@ describe Devise::Models::Argon2 do
|
|
|
127
128
|
it 'does not update the hash if an invalid password is given' do
|
|
128
129
|
expect{ user.valid_password?(INCORRECT_PASSWORD) }.not_to(change(user, :encrypted_password))
|
|
129
130
|
end
|
|
131
|
+
|
|
132
|
+
it 'does not send password change notification emails on hash updates' do
|
|
133
|
+
user.email = 'test@example.com'
|
|
134
|
+
user.save!
|
|
135
|
+
Devise.send_password_change_notification = true
|
|
136
|
+
expect{ user.valid_password?(CORRECT_PASSWORD) }
|
|
137
|
+
.not_to(change { ActionMailer::Base.deliveries.count })
|
|
138
|
+
end
|
|
130
139
|
end
|
|
131
140
|
|
|
132
141
|
describe 'updating outdated work factors' do
|
|
@@ -293,4 +302,38 @@ describe Devise::Models::Argon2 do
|
|
|
293
302
|
)
|
|
294
303
|
end
|
|
295
304
|
end
|
|
305
|
+
|
|
306
|
+
describe 'password reset' do
|
|
307
|
+
NEW_PASSWORD = 'new password'
|
|
308
|
+
|
|
309
|
+
shared_examples 'ways of resetting the password' do
|
|
310
|
+
it 'can be done via password_reset' do
|
|
311
|
+
user.reset_password(NEW_PASSWORD, NEW_PASSWORD)
|
|
312
|
+
expect(user.valid_password?(NEW_PASSWORD)).to be true
|
|
313
|
+
end
|
|
314
|
+
|
|
315
|
+
it 'can be done via password=' do
|
|
316
|
+
user.password = NEW_PASSWORD
|
|
317
|
+
expect(user.valid_password?(NEW_PASSWORD)).to be true
|
|
318
|
+
end
|
|
319
|
+
end
|
|
320
|
+
|
|
321
|
+
context 'encrypted_password is hashed with the current version of devise-argon2' do
|
|
322
|
+
include_examples 'ways of resetting the password'
|
|
323
|
+
end
|
|
324
|
+
|
|
325
|
+
context 'encrypted_password is hashed with version 1 of devise-argon2' do
|
|
326
|
+
let(:user) { OldUser.new(password: CORRECT_PASSWORD) }
|
|
327
|
+
|
|
328
|
+
before do
|
|
329
|
+
Devise.argon2_options.merge!({ migrate_from_devise_argon2_v1: true })
|
|
330
|
+
user.password_salt = 'devise-argon2 v1 salt'
|
|
331
|
+
user.encrypted_password = ::Argon2::Password.create(
|
|
332
|
+
"#{CORRECT_PASSWORD}#{user.password_salt}#{Devise.pepper}"
|
|
333
|
+
)
|
|
334
|
+
end
|
|
335
|
+
|
|
336
|
+
include_examples 'ways of resetting the password'
|
|
337
|
+
end
|
|
338
|
+
end
|
|
296
339
|
end
|
|
@@ -20,5 +20,7 @@ module DummyRailsApp
|
|
|
20
20
|
config.eager_load = false
|
|
21
21
|
config.autoload_paths.reject!{ |p| p =~ /\/app\/(\w+)$/ && !%w(controllers helpers mailers views).include?($1) }
|
|
22
22
|
config.autoload_paths += ["#{config.root}/app/#{ORM}"]
|
|
23
|
+
config.action_mailer.delivery_method = :test
|
|
24
|
+
config.action_mailer.default_options = { from: 'test@example.com' }
|
|
23
25
|
end
|
|
24
26
|
end
|
data/spec/rails_app/db/schema.rb
CHANGED
|
@@ -10,13 +10,15 @@
|
|
|
10
10
|
#
|
|
11
11
|
# It's strongly recommended that you check this file into your version control system.
|
|
12
12
|
|
|
13
|
-
ActiveRecord::Schema.define(version:
|
|
13
|
+
ActiveRecord::Schema.define(version: 2025_03_19_085738) do
|
|
14
14
|
create_table "old_users", force: :cascade do |t|
|
|
15
15
|
t.string "email", default: "", null: false
|
|
16
16
|
t.string "encrypted_password", default: "", null: false
|
|
17
17
|
t.string "password_salt"
|
|
18
18
|
t.datetime "created_at", null: false
|
|
19
19
|
t.datetime "updated_at", null: false
|
|
20
|
+
t.string "reset_password_token"
|
|
21
|
+
t.datetime "reset_password_sent_at"
|
|
20
22
|
t.index ["email"], name: "index_old_users_on_email", unique: true
|
|
21
23
|
end
|
|
22
24
|
|
|
@@ -25,7 +27,8 @@ ActiveRecord::Schema.define(version: 2023_10_04_084147) do
|
|
|
25
27
|
t.string "encrypted_password", default: "", null: false
|
|
26
28
|
t.datetime "created_at", null: false
|
|
27
29
|
t.datetime "updated_at", null: false
|
|
30
|
+
t.string "reset_password_token"
|
|
31
|
+
t.datetime "reset_password_sent_at"
|
|
28
32
|
t.index ["email"], name: "index_users_on_email", unique: true
|
|
29
33
|
end
|
|
30
|
-
|
|
31
34
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: devise-argon2
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.0.
|
|
4
|
+
version: 2.0.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Tamas Erdos
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date:
|
|
12
|
+
date: 2025-03-23 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: devise
|
|
@@ -78,8 +78,11 @@ files:
|
|
|
78
78
|
- spec/rails_app/config/environment.rb
|
|
79
79
|
- spec/rails_app/config/initializers/devise.rb
|
|
80
80
|
- spec/rails_app/config/mongoid.yml
|
|
81
|
+
- spec/rails_app/config/routes.rb
|
|
81
82
|
- spec/rails_app/db/migrate/20230617201921_devise_create_users.rb
|
|
82
83
|
- spec/rails_app/db/migrate/20231004084147_devise_create_old_users.rb
|
|
84
|
+
- spec/rails_app/db/migrate/20250319085725_add_recoverable_fields_to_users.rb
|
|
85
|
+
- spec/rails_app/db/migrate/20250319085738_add_recoverable_fields_to_old_users.rb
|
|
83
86
|
- spec/rails_app/db/schema.rb
|
|
84
87
|
- spec/spec_helper.rb
|
|
85
88
|
homepage: https://github.com/erdostom/devise-argon2
|
|
@@ -102,7 +105,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
102
105
|
- !ruby/object:Gem::Version
|
|
103
106
|
version: '0'
|
|
104
107
|
requirements: []
|
|
105
|
-
rubygems_version: 3.
|
|
108
|
+
rubygems_version: 3.1.6
|
|
106
109
|
signing_key:
|
|
107
110
|
specification_version: 4
|
|
108
111
|
summary: Enables Devise to hash passwords with Argon2id
|
|
@@ -127,7 +130,10 @@ test_files:
|
|
|
127
130
|
- spec/rails_app/config/environment.rb
|
|
128
131
|
- spec/rails_app/config/initializers/devise.rb
|
|
129
132
|
- spec/rails_app/config/mongoid.yml
|
|
133
|
+
- spec/rails_app/config/routes.rb
|
|
130
134
|
- spec/rails_app/db/migrate/20230617201921_devise_create_users.rb
|
|
131
135
|
- spec/rails_app/db/migrate/20231004084147_devise_create_old_users.rb
|
|
136
|
+
- spec/rails_app/db/migrate/20250319085725_add_recoverable_fields_to_users.rb
|
|
137
|
+
- spec/rails_app/db/migrate/20250319085738_add_recoverable_fields_to_old_users.rb
|
|
132
138
|
- spec/rails_app/db/schema.rb
|
|
133
139
|
- spec/spec_helper.rb
|