devise-secure_password 1.0.3 → 1.0.4

data/lib/devise/secure_password/controllers/active_helpers.rb

@@ -18,13 +18,18 @@ module Devise
           warden.authenticated? && warden.session['secure_password_last_controller'] == 'Devise::SessionsController'
         end
 
+        # Prevent infinite loops and allow specified controllers to bypass.
+        # @NOTE: The ability to extend this list may be made public, in the
+        # future if that functionality is needed.
         def skip_current_controller?
           exclusion_list = [
             'Devise::SessionsController',
             'Devise::PasswordsWithPolicyController#edit',
-            'Devise::PasswordsWithPolicyController#update'
+            'Devise::PasswordsWithPolicyController#update',
+            'DeviseInvitable::RegistrationsController#edit',
+            'DeviseInvitable::RegistrationsController#update'
           ]
-          exclusion_list.select { |e| e == "#{self.class.name}#" + action_name || e == self.class.name.to_s }.empty?
+          !(exclusion_list.include?("#{self.class.name}#" + action_name) || (exclusion_list & self.class.ancestors.map(&:to_s)).any?)
         end
 
         def error_string_for_password_expired

data/lib/devise/secure_password/controllers/devise_helpers.rb

@@ -10,9 +10,9 @@ module Devise
 
           protected
 
-          # Override the devise require_no_authentication before callback so users
-          # have to prevent authenticated users with expired passwords from
-          # escaping to other pages without first updating their passwords.
+          # Override the devise require_no_authentication before callback to
+          # prevent authenticated users with expired passwords from escaping to
+          # other pages without first updating their passwords.
           def require_no_authentication
             return if check_password_expired_and_redirect!
 
@@ -42,11 +42,14 @@ module Devise
             warden.session(scope_name)[:secure_last_action] = action_name
           end
 
+          # Prevent infinite loops and allow specified controllers to bypass.
+          # @NOTE: The ability to extend this list may be made public, in the
+          # future if that functionality is needed.
           def skip_current_devise_controller?
             exclusion_list = [
               'Devise::SessionsController'
             ]
-            exclusion_list.select { |e| e == "#{self.class.name}#" + action_name || e == self.class.name.to_s }.empty?
+            !(exclusion_list.include?("#{self.class.name}#" + action_name) || (exclusion_list & self.class.ancestors.map(&:to_s)).any?)
           end
 
           def error_string_for_password_expired

data/lib/devise/secure_password/models/previous_password.rb

@@ -9,11 +9,11 @@ module Devise
       validates :encrypted_password, presence: true
 
       def fresh?(minimum_age_duration, now = ::Time.zone.now)
-        now <= (created_at + minimum_age_duration)
+        now <= (updated_at + minimum_age_duration)
       end
 
       def stale?(maximum_age_duration, now = ::Time.zone.now)
-        now > (created_at + maximum_age_duration)
+        now > (updated_at + maximum_age_duration)
       end
     end
   end

data/lib/devise/secure_password/version.rb

@@ -1,5 +1,5 @@
 module Devise
   module SecurePassword
-    VERSION = '1.0.3'.freeze
+    VERSION = '1.0.4'.freeze
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: devise-secure_password
 version: !ruby/object:Gem::Version
-  version: 1.0.3
+  version: 1.0.4
 platform: ruby
 authors:
 - Mark Eissler
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-04-24 00:00:00.000000000 Z
+date: 2018-04-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: devise
@@ -424,11 +424,38 @@ files:
 - "./bin/console"
 - "./bin/setup"
 - "./config/locales/en.yml"
+- "./coverage/assets/0.10.2/application.css"
+- "./coverage/assets/0.10.2/application.js"
+- "./coverage/assets/0.10.2/colorbox/border.png"
+- "./coverage/assets/0.10.2/colorbox/controls.png"
+- "./coverage/assets/0.10.2/colorbox/loading.gif"
+- "./coverage/assets/0.10.2/colorbox/loading_background.png"
+- "./coverage/assets/0.10.2/favicon_green.png"
+- "./coverage/assets/0.10.2/favicon_red.png"
+- "./coverage/assets/0.10.2/favicon_yellow.png"
+- "./coverage/assets/0.10.2/loading.gif"
+- "./coverage/assets/0.10.2/magnify.png"
+- "./coverage/assets/0.10.2/smoothness/images/ui-bg_flat_0_aaaaaa_40x100.png"
+- "./coverage/assets/0.10.2/smoothness/images/ui-bg_flat_75_ffffff_40x100.png"
+- "./coverage/assets/0.10.2/smoothness/images/ui-bg_glass_55_fbf9ee_1x400.png"
+- "./coverage/assets/0.10.2/smoothness/images/ui-bg_glass_65_ffffff_1x400.png"
+- "./coverage/assets/0.10.2/smoothness/images/ui-bg_glass_75_dadada_1x400.png"
+- "./coverage/assets/0.10.2/smoothness/images/ui-bg_glass_75_e6e6e6_1x400.png"
+- "./coverage/assets/0.10.2/smoothness/images/ui-bg_glass_95_fef1ec_1x400.png"
+- "./coverage/assets/0.10.2/smoothness/images/ui-bg_highlight-soft_75_cccccc_1x100.png"
+- "./coverage/assets/0.10.2/smoothness/images/ui-icons_222222_256x240.png"
+- "./coverage/assets/0.10.2/smoothness/images/ui-icons_2e83ff_256x240.png"
+- "./coverage/assets/0.10.2/smoothness/images/ui-icons_454545_256x240.png"
+- "./coverage/assets/0.10.2/smoothness/images/ui-icons_888888_256x240.png"
+- "./coverage/assets/0.10.2/smoothness/images/ui-icons_cd0a0a_256x240.png"
+- "./coverage/index.html"
 - "./devise-secure_password-1.0.0.gem"
 - "./devise-secure_password.gemspec"
 - "./docker-entrypoint.sh"
 - "./gemfiles/rails-5_0_6.gemfile"
+- "./gemfiles/rails-5_0_6.gemfile.lock"
 - "./gemfiles/rails-5_1_4.gemfile"
+- "./gemfiles/rails-5_1_4.gemfile.lock"
 - "./lib/devise/secure_password.rb"
 - "./lib/devise/secure_password/controllers/active_helpers.rb"
 - "./lib/devise/secure_password/controllers/devise_helpers.rb"
@@ -444,6 +471,7 @@ files:
 - "./lib/generators/devise/templates/README.txt"
 - "./lib/generators/devise/templates/secure_password.rb"
 - "./lib/support/string/character_counter.rb"
+- "./pkg/devise-secure_password-1.0.3.gem"
 homepage: https://github.com/valimail/devise-secure_password
 licenses:
 - MIT