devise-secure-password 1.1.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: cb0ede6cb0ee8c5ff54ecbb1f262269617c63795dd394e0704a2449881ca2f0c
+  data.tar.gz: 89183180c76004c80b2c99d4462c2f4841a52289cfb549314db1822d95b99d4c
+SHA512:
+  metadata.gz: d88827c15c3b54048907e422c80bd66b9a8062a0da967553d1c9e029bfc52e246493f51cca097dcdc7ced622ce00c3ab14043bc3843daed8fd51a5948e299f68
+  data.tar.gz: b6aa28a2383d6560fdd3fbacf0c2881fc7aecea46148072ac8eb2b391844cfd24830621b49aab6f09276a9c7a5086fa98503e91bfd10aa32b44c040a4dd79b68

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,74 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, gender identity and expression, level of experience,
+nationality, personal appearance, race, religion, or sexual identity and
+orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+  address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at mark.eissler@valimail.com. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at [http://contributor-covenant.org/version/1/4][version]
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/4/

data/Changelog.md

@@ -0,0 +1,98 @@
+# Changelog: devise-secure_password
+
+## 1.1.0 / 2018-08-08
+
+With this release, the __devise-secure_password__ gem drops official support for Rails < 5.1. Supported versions are now
+Rails 5.2 (current release) and Rails 5.1 (last release).
+
+* Update README for Rails versions tested (5.2, 5.1).
+* Update circleci config for Ruby and Rails versions.
+* Update default dev build to Rails 5.2.
+* Add test support for Rails 5.2.
+* Remove test support for Rails 5.0.
+* Update Dockerfile.prev ruby to 2.4.4.
+* Update Dockerfile ruby to 2.5.1.
+* Sort rake targets task list output.
+* Add Codecov.io for coverage tracking
+
+## 1.0.8 / 2018-06-15
+
+* Update README for ruby versions tested (2.5.1, 2.4.4).
+* Update README for target reconfig instructions.
+* Update README for test screenshot generation.
+* Fix grammar for error messages.
+* Fix empty new passwords skipping validation.
+* Add tests for invalid empty and current passwords.
+* Add total string length counting to character_counter.
+* Add password confirmation equality validator.
+* Add length validations to password fields.
+* Add update_action hidden field to forced password change form.
+* Refactor passwords_with_policy controller.
+
+## 1.0.7 / 2018-05-25
+
+* Fix specs to use appropriate Rails version
+* Update configuration to not include patch version for Rails
+* Manage expiration in session to remove incompatability with authentication extensions
+
+## 1.0.6 / 2018-05-04
+
+* Fix scoping for previous passwords returned through associations.
+
+## 1.0.5 / 2018-04-30
+
+* Update rails-app-5_1_4 config for SQLite3Adapter changes.
+* Update previous_password default_scope to be based on id.
+* Configure more reasonable defaults.
+* Update README regarding defaults and a users need to verify.
+* Update README to include section on Displaying errors.
+* Revert password freshness algorithm from 1.0.4.
+
+## v1.0.4 / 2018-04-28
+
+* Fix for ignored redirect on expired passwords.
+* Change password freshness algorithm to consider updated records.
+
+## v1.0.3 / 2018-04-23
+
+* Skip enforcement checks unless User model requires a password.
+* Update migration code to accomodate changes in underlying ActiveRecord.
+
+## v1.0.2 / 2018-03-14
+
+* Update the default configuration to be less strict - users can enable individual features.
+* Do not override global timeago strings.
+
+## v1.0.1 / 2018-03-14
+
+* Fix the special character configuration parameter name and add specs.
+
+## v1.0.0 / 2018-03-07
+
+* Update license.
+* Refactor to simplify install and test commands.
+
+## v0.9.4 / 2018-01-24
+
+* Fix typos in README.
+* Update circleci badge token.
+* Rename modules according to convention for Rails concerns.
+* Implement code coverage.
+* Support multiple rails versions for testing.
+* Rename password_regular_update_enforcement_controller to dppe_passwords_controller.
+
+## v0.9.3 / 2018-01-09
+
+* Implement password regular update
+
+## v0.9.2 / 2018-01-02
+
+* Implement password frequent change enforcement.
+
+## v0.9.1 / 2017-12-29
+
+* Implement password frequent reuse enforcement.
+
+## v0.9.0 / 2017-12-26
+
+* Implement password content enforcement.

data/Dockerfile

@@ -0,0 +1,44 @@
+#
+# Dockerfile for devise-secure_password
+#
+# prompt> docker build -t secure-password-dev .
+# prompt> docker run -it secure-password-dev /bin/bash
+# prompt> pushd . && cd spec/rails-app-X_y_z
+# prompt> gem install bundler && RAILS_TARGET=X.y.z bundle install --jobs 20 --retry 5
+# prompt> RAILS_ENV='test' bundle exec rake db:migrate
+# prompt> popd
+# prompt> gem install bundler && RAILS_TARGET=X.y.z bundle install --jobs 20 --retry 5
+# prompt> RAILS_TARGET=X.y.z bundle exec rake test:spec
+#
+# NOTE: The order in which you run 'bundle install' in spec/rails and then in
+# the top directory is important.
+#
+FROM circleci/ruby:2.5.1-browsers
+LABEL maintainer="Mark Eissler <mark.eissler@valimail.com>"
+
+ENV BUILD_HOME='/secure-password-gem'
+
+# Configure the main working directory. This is the base directory used in any
+# further RUN, COPY, and ENTRYPOINT commands.
+RUN sudo mkdir -p ${BUILD_HOME}
+WORKDIR ${BUILD_HOME}
+
+# Copy main application
+COPY . ./
+
+# Fix permissions on /gem directory
+RUN set -x \
+    && sudo chown -R circleci:circleci ${BUILD_HOME}
+
+# Start xvfb automatically
+ENV DISPLAY :99
+
+# Update docker-entrypoint.sh
+RUN set -x \
+    && cp docker-entrypoint.sh /docker-entrypoint.sh \
+    && chmod 755 /docker-entrypoint.sh \
+    && chown circleci:circleci /docker-entrypoint.sh
+
+ENTRYPOINT ["/docker-entrypoint.sh"]
+
+CMD ["/bin/bash"]

data/Dockerfile.prev

@@ -0,0 +1,44 @@
+#
+# Dockerfile for devise-secure_password
+#
+# prompt> docker build -f Dockerfile.prev -t secure-password-dev-prev .
+# prompt> docker run -it secure-password-dev-prev /bin/bash
+# prompt> pushd . && cd spec/rails-app-X_y_z
+# prompt> gem install bundler && RAILS_TARGET=X.y.z bundle install --jobs 20 --retry 5
+# prompt> RAILS_ENV='test' bundle exec rake db:migrate
+# prompt> popd
+# prompt> gem install bundler && RAILS_TARGET=X.y.z bundle install --jobs 20 --retry 5
+# prompt> RAILS_TARGET=X.y.z bundle exec rake test:spec
+#
+# NOTE: The order in which you run 'bundle install' in spec/rails and then in
+# the top directory is important.
+#
+FROM circleci/ruby:2.4.4-browsers
+LABEL maintainer="Mark Eissler <mark.eissler@valimail.com>"
+
+ENV BUILD_HOME='/secure-password-gem'
+
+# Configure the main working directory. This is the base directory used in any
+# further RUN, COPY, and ENTRYPOINT commands.
+RUN sudo mkdir -p ${BUILD_HOME}
+WORKDIR ${BUILD_HOME}
+
+# Copy main application
+COPY . ./
+
+# Fix permissions on /gem directory
+RUN set -x \
+    && sudo chown -R circleci:circleci ${BUILD_HOME}
+
+# Start xvfb automatically
+ENV DISPLAY :99
+
+# Update docker-entrypoint.sh
+RUN set -x \
+    && cp docker-entrypoint.sh /docker-entrypoint.sh \
+    && chmod 755 /docker-entrypoint.sh \
+    && chown circleci:circleci /docker-entrypoint.sh
+
+ENTRYPOINT ["/docker-entrypoint.sh"]
+
+CMD ["/bin/bash"]

data/Gemfile

@@ -0,0 +1,13 @@
+source 'https://rubygems.org'
+
+#
+# Configure the build:
+#
+#   prompt> gem install bundler && bundle install
+#
+
+gemspec
+
+group :test do
+  gem 'codecov', require: false
+end

data/Gemfile.lock

@@ -0,0 +1,272 @@
+PATH
+  remote: .
+  specs:
+    devise-secure-password (1.1.1)
+      devise (>= 4.0.0, < 5.0.0)
+      railties (>= 5.0.0, < 7.0.0)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    actioncable (5.2.4.1)
+      actionpack (= 5.2.4.1)
+      nio4r (~> 2.0)
+      websocket-driver (>= 0.6.1)
+    actionmailer (5.2.4.1)
+      actionpack (= 5.2.4.1)
+      actionview (= 5.2.4.1)
+      activejob (= 5.2.4.1)
+      mail (~> 2.5, >= 2.5.4)
+      rails-dom-testing (~> 2.0)
+    actionpack (5.2.4.1)
+      actionview (= 5.2.4.1)
+      activesupport (= 5.2.4.1)
+      rack (~> 2.0, >= 2.0.8)
+      rack-test (>= 0.6.3)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.0, >= 1.0.2)
+    actionview (5.2.4.1)
+      activesupport (= 5.2.4.1)
+      builder (~> 3.1)
+      erubi (~> 1.4)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.0, >= 1.0.3)
+    activejob (5.2.4.1)
+      activesupport (= 5.2.4.1)
+      globalid (>= 0.3.6)
+    activemodel (5.2.4.1)
+      activesupport (= 5.2.4.1)
+    activerecord (5.2.4.1)
+      activemodel (= 5.2.4.1)
+      activesupport (= 5.2.4.1)
+      arel (>= 9.0)
+    activestorage (5.2.4.1)
+      actionpack (= 5.2.4.1)
+      activerecord (= 5.2.4.1)
+      marcel (~> 0.3.1)
+    activesupport (5.2.4.1)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 0.7, < 2)
+      minitest (~> 5.1)
+      tzinfo (~> 1.1)
+    addressable (2.7.0)
+      public_suffix (>= 2.0.2, < 5.0)
+    ansi (1.5.0)
+    arel (9.0.0)
+    ast (2.4.0)
+    bcrypt (3.1.13)
+    builder (3.2.4)
+    capybara (3.31.0)
+      addressable
+      mini_mime (>= 0.1.3)
+      nokogiri (~> 1.8)
+      rack (>= 1.6.0)
+      rack-test (>= 0.6.3)
+      regexp_parser (~> 1.5)
+      xpath (~> 3.2)
+    capybara-screenshot (1.0.24)
+      capybara (>= 1.0, < 4)
+      launchy
+    childprocess (3.0.0)
+    codecov (0.1.16)
+      json
+      simplecov
+      url
+    coffee-rails (4.2.2)
+      coffee-script (>= 2.2.0)
+      railties (>= 4.0.0)
+    coffee-script (2.4.1)
+      coffee-script-source
+      execjs
+    coffee-script-source (1.12.2)
+    concurrent-ruby (1.1.6)
+    crass (1.0.6)
+    database_cleaner (1.8.3)
+    devise (4.7.1)
+      bcrypt (~> 3.0)
+      orm_adapter (~> 0.1)
+      railties (>= 4.1.0)
+      responders
+      warden (~> 1.2.3)
+    diff-lcs (1.3)
+    docile (1.3.2)
+    erubi (1.9.0)
+    erubis (2.7.0)
+    execjs (2.7.0)
+    flay (2.12.1)
+      erubis (~> 2.7.0)
+      path_expander (~> 1.0)
+      ruby_parser (~> 3.0)
+      sexp_processor (~> 4.0)
+    globalid (0.4.2)
+      activesupport (>= 4.2.0)
+    i18n (1.8.2)
+      concurrent-ruby (~> 1.0)
+    jaro_winkler (1.5.4)
+    json (2.3.0)
+    launchy (2.5.0)
+      addressable (~> 2.7)
+    loofah (2.4.0)
+      crass (~> 1.0.2)
+      nokogiri (>= 1.5.9)
+    mail (2.7.1)
+      mini_mime (>= 0.1.1)
+    marcel (0.3.3)
+      mimemagic (~> 0.3.2)
+    method_source (0.9.2)
+    mimemagic (0.3.4)
+    mini_mime (1.0.2)
+    mini_portile2 (2.4.0)
+    minitest (5.14.0)
+    nio4r (2.5.2)
+    nokogiri (1.10.9)
+      mini_portile2 (~> 2.4.0)
+    orm_adapter (0.5.0)
+    parallel (1.19.1)
+    parser (2.7.0.4)
+      ast (~> 2.4.0)
+    path_expander (1.1.0)
+    public_suffix (4.0.3)
+    rack (2.2.2)
+    rack-test (1.1.0)
+      rack (>= 1.0, < 3)
+    rails (5.2.4.1)
+      actioncable (= 5.2.4.1)
+      actionmailer (= 5.2.4.1)
+      actionpack (= 5.2.4.1)
+      actionview (= 5.2.4.1)
+      activejob (= 5.2.4.1)
+      activemodel (= 5.2.4.1)
+      activerecord (= 5.2.4.1)
+      activestorage (= 5.2.4.1)
+      activesupport (= 5.2.4.1)
+      bundler (>= 1.3.0)
+      railties (= 5.2.4.1)
+      sprockets-rails (>= 2.0.0)
+    rails-dom-testing (2.0.3)
+      activesupport (>= 4.2.0)
+      nokogiri (>= 1.6)
+    rails-html-sanitizer (1.3.0)
+      loofah (~> 2.3)
+    railties (5.2.4.1)
+      actionpack (= 5.2.4.1)
+      activesupport (= 5.2.4.1)
+      method_source
+      rake (>= 0.8.7)
+      thor (>= 0.19.0, < 2.0)
+    rainbow (3.0.0)
+    rake (13.0.1)
+    regexp_parser (1.7.0)
+    responders (3.0.0)
+      actionpack (>= 5.0)
+      railties (>= 5.0)
+    rexml (3.2.4)
+    rspec (3.9.0)
+      rspec-core (~> 3.9.0)
+      rspec-expectations (~> 3.9.0)
+      rspec-mocks (~> 3.9.0)
+    rspec-core (3.9.1)
+      rspec-support (~> 3.9.1)
+    rspec-expectations (3.9.1)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.9.0)
+    rspec-mocks (3.9.1)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.9.0)
+    rspec-rails (3.9.1)
+      actionpack (>= 3.0)
+      activesupport (>= 3.0)
+      railties (>= 3.0)
+      rspec-core (~> 3.9.0)
+      rspec-expectations (~> 3.9.0)
+      rspec-mocks (~> 3.9.0)
+      rspec-support (~> 3.9.0)
+    rspec-support (3.9.2)
+    rspec_junit_formatter (0.4.1)
+      rspec-core (>= 2, < 4, != 2.12.0)
+    rubocop (0.80.1)
+      jaro_winkler (~> 1.5.1)
+      parallel (~> 1.10)
+      parser (>= 2.7.0.1)
+      rainbow (>= 2.2.2, < 4.0)
+      rexml
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 1.4.0, < 1.7)
+    rubocop-rails (2.4.2)
+      rack (>= 1.1)
+      rubocop (>= 0.72.0)
+    rubocop-rspec (1.38.1)
+      rubocop (>= 0.68.1)
+    ruby-progressbar (1.10.1)
+    ruby2ruby (2.4.4)
+      ruby_parser (~> 3.1)
+      sexp_processor (~> 4.6)
+    ruby_parser (3.14.2)
+      sexp_processor (~> 4.9)
+    rubyzip (2.3.0)
+    selenium-webdriver (3.142.7)
+      childprocess (>= 0.5, < 4.0)
+      rubyzip (>= 1.2.2)
+    sexp_processor (4.14.1)
+    simplecov (0.18.5)
+      docile (~> 1.1)
+      simplecov-html (~> 0.11)
+    simplecov-console (0.7.2)
+      ansi
+      simplecov
+      terminal-table
+    simplecov-html (0.12.2)
+    sprockets (4.0.0)
+      concurrent-ruby (~> 1.0)
+      rack (> 1, < 3)
+    sprockets-rails (3.2.1)
+      actionpack (>= 4.0)
+      activesupport (>= 4.0)
+      sprockets (>= 3.0.0)
+    sqlite3 (1.4.2)
+    terminal-table (1.8.0)
+      unicode-display_width (~> 1.1, >= 1.1.1)
+    thor (1.0.1)
+    thread_safe (0.3.6)
+    tzinfo (1.2.6)
+      thread_safe (~> 0.1)
+    unicode-display_width (1.6.1)
+    url (0.3.2)
+    warden (1.2.8)
+      rack (>= 2.0.6)
+    websocket-driver (0.7.1)
+      websocket-extensions (>= 0.1.0)
+    websocket-extensions (0.1.4)
+    xpath (3.2.0)
+      nokogiri (~> 1.8)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (>= 1.16.1)
+  capybara (~> 3.11, >= 2.16.1)
+  capybara-screenshot (>= 1.0.18)
+  codecov
+  coffee-rails (~> 4.2)
+  database_cleaner (~> 1.6, >= 1.6.2)
+  devise (~> 4.0)
+  devise-secure-password!
+  flay (>= 2.10.0)
+  launchy (>= 2.4.3)
+  rails (~> 5.2, >= 5.2.0)
+  rake (>= 12.3)
+  rspec (>= 3.7)
+  rspec-rails (>= 3.7)
+  rspec_junit_formatter (>= 0.3)
+  rubocop (>= 0.74.0)
+  rubocop-rails (>= 2.3.2)
+  rubocop-rspec (>= 1.35.0)
+  ruby2ruby (>= 2.4.0)
+  selenium-webdriver (>= 3.7.0)
+  simplecov (~> 0.18.2)
+  simplecov-console (>= 0.4.2)
+  sqlite3 (>= 1.3.13)
+
+BUNDLED WITH
+   2.1.4