devise-secure_password 1.0.4 → 1.0.5

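--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 9ad50ca0c1965ad3174621755389c8e48b975e21
- data.tar.gz: b37c27078075b47e6d5d8f9cb8aa4123acc5c864
+ metadata.gz: 1c68e938643943a1eb93719ef84ee969b350a12b
+ data.tar.gz: 897e40fb6a73452cbfa6fb9b39dc8990a76c65f9
  SHA512:
- metadata.gz: 80b59887d9403bf0248755e2ff6e57913992ef7db706a37f2ca5cf384d6e60e6e82da38f5c2943028be2e40e07d0a0f4939626e082f13896b6a7362b43cf4a4f
- data.tar.gz: d9dbd040fd15d17b7324f431b86fa72dc0b50c269652742512ccd90b994c513675bc23bc6140632f1868f1e089df3cfcb9bdf0c7eb1a7c2e6151cccbaaf2ce30
+ metadata.gz: 1a1d93997de4b2dd7dc8fe6c4495c2956f5cb17b9eeb474e1e30e022c16e5f9b20e76ff826b027e4a43d4d200246ed11b112d2d809278808d34434c3c2c2c23d
+ data.tar.gz: 4c1e883be6167375195bdcf3487d959163ba425a5d1cb3aca3e34036e6a2d682569e5d6760e59a3bcb48fc9b422c2bd7dd6e476f624c7bb3ee3e5db74ed40754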
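--- /dev/null
+++ b/data/Changelog.md
@@ -0,0 +1,59 @@
+ # Changelog: devise-secure_password
+
+ ## 1.0.5 / 2018-04-30
+
+ * Update rails-app-5_1_4 config for SQLite3Adapter changes.
+ * Update previous_password default_scope to be based on id.
+ * Configure more reasonable defaults.
+ * Update README regarding defaults and a users need to verify.
+ * Update README to include section on Displaying errors.
+ * Revert password freshness algorithm from 1.0.4.
+
+ ## v1.0.4 / 2018-04-28
+
+ * Fix for ignored redirect on expired passwords.
+ * Change password freshness algorithm to consider updated records.
+
+ ## v1.0.3 / 2018-04-23
+
+ * Skip enforcement checks unless User model requires a password.
+ * Update migration code to accomodate changes in underlying ActiveRecord.
+
+ ## v1.0.2 / 2018-03-14
+
+ * Update the default configuration to be less strict - users can enable individual features.
+ * Do not override global timeago strings.
+
+ ## v1.0.1 / 2018-03-14
+
+ * Fix the special character configuration parameter name and add specs.
+
+ ## v1.0.0 / 2018-03-07
+
+ * Update license.
+ * [VME-1693] Refactor to simplify install and test commands.
+
+ ## v0.9.4 / 2018-01-24
+
+ * [VME-1661] Fix typos in README.
+ * [VME-1646] Update circleci badge token.
+ * [VME-1646] Rename modules according to convention for Rails concerns.
+ * Implement code coverage.
+ * Support multiple rails versions for testing.
+ * Rename password_regular_update_enforcement_controller to dppe_passwords_controller.
+
+ ## v0.9.3 / 2018-01-09
+
+ * Implement password regular update
+
+ ## v0.9.2 / 2018-01-02
+
+ * Implement password frequent change enforcement.
+
+ ## v0.9.1 / 2017-12-29
+
+ * Implement password frequent reuse enforcement.
+
+ ## v0.9.0 / 2017-12-26
+
+ * Implement password content enforcement.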
data/Gemfile.lock CHANGED
@@ -1,87 +1,288 @@
1
+ GIT
2
+ remote: https://github.com/thoughtbot/shoulda-matchers.git
3
+ revision: 4b160bd19ecca7f97d7ac22dccd5fde9b0da5a9f
4
+ branch: rails-5
5
+ specs:
6
+ shoulda-matchers (3.1.2)
7
+ activesupport (>= 4.2.0)
8
+
1
9
  PATH
2
10
  remote: .
3
11
  specs:
4
- devise-secure_password (0.9.4)
12
+ devise-secure_password (1.0.5)
5
13
  devise (>= 4.0.0, < 5.0.0)
6
14
  railties (>= 5.0.0, < 6.0.0)
7
15
 
8
16
  GEM
9
17
  remote: https://rubygems.org/
10
18
  specs:
11
- actionpack (5.1.4)
12
- actionview (= 5.1.4)
13
- activesupport (= 5.1.4)
19
+ actioncable (5.2.0)
20
+ actionpack (= 5.2.0)
21
+ nio4r (~> 2.0)
22
+ websocket-driver (>= 0.6.1)
23
+ actionmailer (5.2.0)
24
+ actionpack (= 5.2.0)
25
+ actionview (= 5.2.0)
26
+ activejob (= 5.2.0)
27
+ mail (~> 2.5, >= 2.5.4)
28
+ rails-dom-testing (~> 2.0)
29
+ actionpack (5.2.0)
30
+ actionview (= 5.2.0)
31
+ activesupport (= 5.2.0)
14
32
  rack (~> 2.0)
15
33
  rack-test (>= 0.6.3)
16
34
  rails-dom-testing (~> 2.0)
17
35
  rails-html-sanitizer (~> 1.0, >= 1.0.2)
18
- actionview (5.1.4)
19
- activesupport (= 5.1.4)
36
+ actionview (5.2.0)
37
+ activesupport (= 5.2.0)
20
38
  builder (~> 3.1)
21
39
  erubi (~> 1.4)
22
40
  rails-dom-testing (~> 2.0)
23
41
  rails-html-sanitizer (~> 1.0, >= 1.0.3)
24
- activesupport (5.1.4)
42
+ activejob (5.2.0)
43
+ activesupport (= 5.2.0)
44
+ globalid (>= 0.3.6)
45
+ activemodel (5.2.0)
46
+ activesupport (= 5.2.0)
47
+ activerecord (5.2.0)
48
+ activemodel (= 5.2.0)
49
+ activesupport (= 5.2.0)
50
+ arel (>= 9.0)
51
+ activestorage (5.2.0)
52
+ actionpack (= 5.2.0)
53
+ activerecord (= 5.2.0)
54
+ marcel (~> 0.3.1)
55
+ activesupport (5.2.0)
25
56
  concurrent-ruby (~> 1.0, >= 1.0.2)
26
- i18n (~> 0.7)
57
+ i18n (>= 0.7, < 2)
27
58
  minitest (~> 5.1)
28
59
  tzinfo (~> 1.1)
60
+ addressable (2.5.2)
61
+ public_suffix (>= 2.0.2, < 4.0)
62
+ ansi (1.5.0)
63
+ arel (9.0.0)
64
+ ast (2.4.0)
29
65
  bcrypt (3.1.11)
30
66
  builder (3.2.3)
67
+ capybara (2.18.0)
68
+ addressable
69
+ mini_mime (>= 0.1.3)
70
+ nokogiri (>= 1.3.3)
71
+ rack (>= 1.0.0)
72
+ rack-test (>= 0.5.4)
73
+ xpath (>= 2.0, < 4.0)
74
+ capybara-screenshot (1.0.19)
75
+ capybara (>= 1.0, < 4)
76
+ launchy
77
+ childprocess (0.9.0)
78
+ ffi (~> 1.0, >= 1.0.11)
79
+ coffee-rails (4.2.2)
80
+ coffee-script (>= 2.2.0)
81
+ railties (>= 4.0.0)
82
+ coffee-script (2.4.1)
83
+ coffee-script-source
84
+ execjs
85
+ coffee-script-source (1.12.2)
31
86
  concurrent-ruby (1.0.5)
32
- crass (1.0.3)
33
- devise (4.4.0)
87
+ crass (1.0.4)
88
+ database_cleaner (1.7.0)
89
+ devise (4.4.3)
34
90
  bcrypt (~> 3.0)
35
91
  orm_adapter (~> 0.1)
36
- railties (>= 4.1.0, < 5.2)
92
+ railties (>= 4.1.0, < 6.0)
37
93
  responders
38
94
  warden (~> 1.2.3)
39
- erubi (1.7.0)
40
- i18n (0.9.1)
95
+ diff-lcs (1.3)
96
+ docile (1.1.5)
97
+ erubi (1.7.1)
98
+ erubis (2.7.0)
99
+ execjs (2.7.0)
100
+ ffi (1.9.23)
101
+ flay (2.11.0)
102
+ erubis (~> 2.7.0)
103
+ path_expander (~> 1.0)
104
+ ruby_parser (~> 3.0)
105
+ sexp_processor (~> 4.0)
106
+ globalid (0.4.1)
107
+ activesupport (>= 4.2.0)
108
+ hirb (0.7.3)
109
+ i18n (1.0.1)
41
110
  concurrent-ruby (~> 1.0)
42
- loofah (2.1.1)
111
+ json (2.1.0)
112
+ launchy (2.4.3)
113
+ addressable (~> 2.3)
114
+ libv8 (3.16.14.19)
115
+ loofah (2.2.2)
43
116
  crass (~> 1.0.2)
44
117
  nokogiri (>= 1.5.9)
118
+ mail (2.7.0)
119
+ mini_mime (>= 0.1.1)
120
+ marcel (0.3.2)
121
+ mimemagic (~> 0.3.2)
45
122
  method_source (0.9.0)
123
+ mimemagic (0.3.2)
124
+ mini_mime (1.0.0)
46
125
  mini_portile2 (2.3.0)
47
- minitest (5.11.1)
48
- nokogiri (1.8.1)
126
+ minitest (5.11.3)
127
+ nio4r (2.3.0)
128
+ nokogiri (1.8.2)
49
129
  mini_portile2 (~> 2.3.0)
50
130
  orm_adapter (0.5.0)
51
- rack (2.0.3)
52
- rack-test (0.8.2)
131
+ parallel (1.12.1)
132
+ parser (2.5.1.0)
133
+ ast (~> 2.4.0)
134
+ path_expander (1.0.3)
135
+ powerpack (0.1.1)
136
+ public_suffix (3.0.2)
137
+ rack (2.0.5)
138
+ rack-test (1.0.0)
53
139
  rack (>= 1.0, < 3)
140
+ rails (5.2.0)
141
+ actioncable (= 5.2.0)
142
+ actionmailer (= 5.2.0)
143
+ actionpack (= 5.2.0)
144
+ actionview (= 5.2.0)
145
+ activejob (= 5.2.0)
146
+ activemodel (= 5.2.0)
147
+ activerecord (= 5.2.0)
148
+ activestorage (= 5.2.0)
149
+ activesupport (= 5.2.0)
150
+ bundler (>= 1.3.0)
151
+ railties (= 5.2.0)
152
+ sprockets-rails (>= 2.0.0)
54
153
  rails-dom-testing (2.0.3)
55
154
  activesupport (>= 4.2.0)
56
155
  nokogiri (>= 1.6)
57
- rails-html-sanitizer (1.0.3)
58
- loofah (~> 2.0)
59
- railties (5.1.4)
60
- actionpack (= 5.1.4)
61
- activesupport (= 5.1.4)
156
+ rails-html-sanitizer (1.0.4)
157
+ loofah (~> 2.2, >= 2.2.2)
158
+ railties (5.2.0)
159
+ actionpack (= 5.2.0)
160
+ activesupport (= 5.2.0)
62
161
  method_source
63
162
  rake (>= 0.8.7)
64
163
  thor (>= 0.18.1, < 2.0)
65
- rake (12.3.0)
164
+ rainbow (3.0.0)
165
+ rake (12.3.1)
166
+ rb-fsevent (0.10.3)
167
+ rb-inotify (0.9.10)
168
+ ffi (>= 0.5.0, < 2)
169
+ ref (2.0.0)
66
170
  responders (2.4.0)
67
171
  actionpack (>= 4.2.0, < 5.3)
68
172
  railties (>= 4.2.0, < 5.3)
173
+ rspec (3.7.0)
174
+ rspec-core (~> 3.7.0)
175
+ rspec-expectations (~> 3.7.0)
176
+ rspec-mocks (~> 3.7.0)
177
+ rspec-core (3.7.1)
178
+ rspec-support (~> 3.7.0)
179
+ rspec-expectations (3.7.0)
180
+ diff-lcs (>= 1.2.0, < 2.0)
181
+ rspec-support (~> 3.7.0)
182
+ rspec-mocks (3.7.0)
183
+ diff-lcs (>= 1.2.0, < 2.0)
184
+ rspec-support (~> 3.7.0)
185
+ rspec-rails (3.7.2)
186
+ actionpack (>= 3.0)
187
+ activesupport (>= 3.0)
188
+ railties (>= 3.0)
189
+ rspec-core (~> 3.7.0)
190
+ rspec-expectations (~> 3.7.0)
191
+ rspec-mocks (~> 3.7.0)
192
+ rspec-support (~> 3.7.0)
193
+ rspec-support (3.7.1)
194
+ rspec_junit_formatter (0.3.0)
195
+ rspec-core (>= 2, < 4, != 2.12.0)
196
+ rubocop (0.55.0)
197
+ parallel (~> 1.10)
198
+ parser (>= 2.5)
199
+ powerpack (~> 0.1)
200
+ rainbow (>= 2.2.2, < 4.0)
201
+ ruby-progressbar (~> 1.7)
202
+ unicode-display_width (~> 1.0, >= 1.0.1)
203
+ ruby-progressbar (1.9.0)
204
+ ruby2ruby (2.4.1)
205
+ ruby_parser (~> 3.1)
206
+ sexp_processor (~> 4.6)
207
+ ruby_parser (3.11.0)
208
+ sexp_processor (~> 4.9)
209
+ rubyzip (1.2.1)
210
+ sass (3.5.6)
211
+ sass-listen (~> 4.0.0)
212
+ sass-listen (4.0.0)
213
+ rb-fsevent (~> 0.9, >= 0.9.4)
214
+ rb-inotify (~> 0.9, >= 0.9.7)
215
+ sass-rails (5.0.7)
216
+ railties (>= 4.0.0, < 6)
217
+ sass (~> 3.1)
218
+ sprockets (>= 2.8, < 4.0)
219
+ sprockets-rails (>= 2.0, < 4.0)
220
+ tilt (>= 1.1, < 3)
221
+ selenium-webdriver (3.11.0)
222
+ childprocess (~> 0.5)
223
+ rubyzip (~> 1.2)
224
+ sexp_processor (4.11.0)
225
+ simplecov (0.15.1)
226
+ docile (~> 1.1.0)
227
+ json (>= 1.8, < 3)
228
+ simplecov-html (~> 0.10.0)
229
+ simplecov-console (0.4.2)
230
+ ansi
231
+ hirb
232
+ simplecov
233
+ simplecov-html (0.10.2)
234
+ sprockets (3.7.1)
235
+ concurrent-ruby (~> 1.0)
236
+ rack (> 1, < 3)
237
+ sprockets-rails (3.2.1)
238
+ actionpack (>= 4.0)
239
+ activesupport (>= 4.0)
240
+ sprockets (>= 3.0.0)
241
+ sqlite3 (1.3.13)
242
+ therubyracer (0.12.3)
243
+ libv8 (~> 3.16.14.15)
244
+ ref
69
245
  thor (0.20.0)
70
246
  thread_safe (0.3.6)
71
- tzinfo (1.2.4)
247
+ tilt (2.0.8)
248
+ tzinfo (1.2.5)
72
249
  thread_safe (~> 0.1)
250
+ unicode-display_width (1.3.2)
73
251
  warden (1.2.7)
74
252
  rack (>= 1.0)
75
- yard (0.9.12)
253
+ websocket-driver (0.7.0)
254
+ websocket-extensions (>= 0.1.0)
255
+ websocket-extensions (0.1.3)
256
+ xpath (3.0.0)
257
+ nokogiri (~> 1.8)
76
258
 
77
259
  PLATFORMS
78
260
  ruby
79
261
 
80
262
  DEPENDENCIES
81
- bundler (~> 1.16.1)
263
+ bundler (~> 1.16, >= 1.16.1)
264
+ capybara (~> 2.16, >= 2.16.1)
265
+ capybara-screenshot (~> 1.0, >= 1.0.18)
266
+ coffee-rails (~> 4.2)
267
+ database_cleaner (~> 1.6, >= 1.6.2)
268
+ devise (~> 4.0)
82
269
  devise-secure_password!
83
- rake (~> 12.0)
84
- yard
270
+ flay (~> 2.10, >= 2.10.0)
271
+ launchy (~> 2.4, >= 2.4.3)
272
+ rails (~> 5.1, >= 5.1.4)
273
+ rake (~> 12.3)
274
+ rspec (~> 3.7)
275
+ rspec-rails (~> 3.7)
276
+ rspec_junit_formatter (~> 0.3)
277
+ rubocop (>= 0.49.0)
278
+ ruby2ruby (~> 2.4, >= 2.4.0)
279
+ sass-rails (~> 5.0)
280
+ selenium-webdriver (~> 3.7, >= 3.7.0)
281
+ shoulda-matchers!
282
+ simplecov (~> 0.15.1)
283
+ simplecov-console (~> 0.4.2)
284
+ sqlite3 (~> 1.3, >= 1.3.13)
285
+ therubyracer (~> 0.12.3)
85
286
 
86
287
  BUNDLED WITH
87
288
  1.16.1
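--- a/data/README.md
+++ b/data/README.md
@@ -41,7 +41,7 @@ Add this line to your application's Gemfile:
 
  ```ruby
  gem 'devise', '~> 4.2'
- gem 'devise-secure_password', '~> 1.0.0'
+ gem 'devise-secure_password', '~> 1.0.5'
  ```
 
  And then execute:
@@ -80,39 +80,44 @@ Devise.setup do |config|
  # standard configuration parameter.
 
  # The number of uppercase letters (latin A-Z) required in a password:
- # config.password_required_uppercase_count = 0
+ # config.password_required_uppercase_count = 1
 
  # The number of lowercase letters (latin A-Z) required in a password:
- # config.password_required_lowercase_count = 0
+ # config.password_required_lowercase_count = 1
 
  # The number of numbers (0-9) required in a password:
- # config.password_required_number_count = 0
+ # config.password_required_number_count = 1
 
  # The number of special characters (!@#$%^&*()_+-=[]{}|') required in a password:
- # config.password_required_special_character_count = 0
+ # config.password_required_special_character_count = 1
 
  # ==> Configuration for the Devise Secure Password extension
  # Module: password_disallows_frequent_reuse
  #
  # The number of previously used passwords that can not be reused:
- # config.password_previously_used_count = 1
+ # config.password_previously_used_count = 8
 
  # ==> Configuration for the Devise Secure Password extension
  # Module: password_disallows_frequent_changes
  # *Requires* password_disallows_frequent_reuse
  #
  # The minimum time that must pass between password changes:
- # config.password_minimum_age = 0.days
+ # config.password_minimum_age = 1.days
 
  # ==> Configuration for the Devise Secure Password extension
  # Module: password_requires_regular_updates
  # *Requires* password_disallows_frequent_reuse
  #
  # The maximum allowed age of a password:
- # config.password_maximum_age = 365.days
+ # config.password_maximum_age = 180.days
  end
  ```
 
+ >NOTE: Password policy defaults have been selected as a middle-of-the-road combination based on published
+ recommendations by [Microsoft](https://technet.microsoft.com/en-us/library/ff741764.aspx) and
+ [Carnegie Mellon University](https://www.cmu.edu/iso/governance/guidelines/password-management.html). It is up to
+ __YOU__ to verify the default settings and make adjustments where necessary.
+
  Enable the __Devise Secure Password Extension__ enforcement in your Devise model(s):
 
  ```ruby
@@ -174,6 +179,31 @@ And then:
  prompt> bundle exec rake db:migrate
  ```
 
+ ### Displaying errors
+
+ You will likely want to display errors, produced as a result of secure password enforcement violations, to your users.
+ Errors are available via the `User.errors` array and via the `devise_error_messages!` method. An example usage follows
+ and is taken from the default password `edit.html.erb` page:
+
+ ```erb
+ <%= form_for(resource, as: resource_name, url: [resource_name, :password_with_policy], html: { method: :put }) do |f| %>
+ <% if resource.errors.full_messages.count.positive? %>
+ <%= devise_error_messages! %>
+ <% end %>
+
+ <p><%= f.label :current_password, 'Current password' %><br />
+ <%= f.password_field :current_password %></p>
+
+ <p><%= f.label :password, 'New password' %><br />
+ <%= f.password_field :password %></p>
+
+ <p><%= f.label :password_confirmation, 'Password confirmation' %><br />
+ <%= f.password_field :password_confirmation %></p>
+
+ <p><%= f.submit 'Update' %></p>
+ <% end %>
+ ```
+
  <a name="running-tests"></a>
 
  ## Running Tests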
data/coverage/index.html CHANGED
@@ -14,7 +14,7 @@
14
14
  <img src="./assets/0.10.2/loading.gif" alt="loading"/>
15
15
  </div>
16
16
  <div id="wrapper" style="display:none;">
17
- <div class="timestamp">Generated <abbr class="timeago" title="2018-04-28T21:17:06-07:00">2018-04-28T21:17:06-07:00</abbr></div>
17
+ <div class="timestamp">Generated <abbr class="timeago" title="2018-04-29T19:21:42-07:00">2018-04-29T19:21:42-07:00</abbr></div>
18
18
  <ul class="group_tabs"></ul>
19
19
 
20
20
  <div id="content">
@@ -133,7 +133,7 @@
133
133
  <tr>
134
134
  <td class="strong"><a href="#610c7e3624991293372156293eb507f0b5546b94" class="src_link" title="lib/devise/secure_password/models/previous_password.rb">lib/devise/secure_password/models/previous_password.rb</a></td>
135
135
  <td class="green strong">100.0 %</td>
136
- <td>22</td>
136
+ <td>20</td>
137
137
  <td>13</td>
138
138
  <td>13</td>
139
139
  <td>0</td>
@@ -281,7 +281,7 @@
281
281
  <tr>
282
282
  <td class="strong"><a href="#610c7e3624991293372156293eb507f0b5546b94" class="src_link" title="lib/devise/secure_password/models/previous_password.rb">lib/devise/secure_password/models/previous_password.rb</a></td>
283
283
  <td class="green strong">100.0 %</td>
284
- <td>22</td>
284
+ <td>20</td>
285
285
  <td>13</td>
286
286
  <td>13</td>
287
287
  <td>0</td>
@@ -2293,8 +2293,8 @@
2293
2293
  <code class="ruby"> if Rails.version &gt; &#39;5.1&#39;</code>
2294
2294
  </li>
2295
2295
 
2296
- <li class="missed" data-hits="0" data-linenumber="58">
2297
-
2296
+ <li class="covered" data-hits="41" data-linenumber="58">
2297
+ <span class="hits">41</span>
2298
2298
 
2299
2299
  <code class="ruby"> saved_change_to_encrypted_password?</code>
2300
2300
  </li>
@@ -2305,8 +2305,8 @@
2305
2305
  <code class="ruby"> else</code>
2306
2306
  </li>
2307
2307
 
2308
- <li class="covered" data-hits="41" data-linenumber="60">
2309
- <span class="hits">41</span>
2308
+ <li class="missed" data-hits="0" data-linenumber="60">
2309
+
2310
2310
 
2311
2311
  <code class="ruby"> encrypted_password_changed?</code>
2312
2312
  </li>
@@ -3628,67 +3628,55 @@
3628
3628
  <code class="ruby"> def fresh?(minimum_age_duration, now = ::Time.zone.now)</code>
3629
3629
  </li>
3630
3630
 
3631
- <li class="never" data-hits="" data-linenumber="12">
3632
-
3633
-
3634
- <code class="ruby"> # @NOTE fix for history = 1, use updated_at</code>
3635
- </li>
3636
-
3637
- <li class="covered" data-hits="10" data-linenumber="13">
3631
+ <li class="covered" data-hits="10" data-linenumber="12">
3638
3632
  <span class="hits">10</span>
3639
3633
 
3640
- <code class="ruby"> now &lt;= (updated_at + minimum_age_duration)</code>
3634
+ <code class="ruby"> now &lt;= (created_at + minimum_age_duration)</code>
3641
3635
  </li>
3642
3636
 
3643
- <li class="never" data-hits="" data-linenumber="14">
3637
+ <li class="never" data-hits="" data-linenumber="13">
3644
3638
 
3645
3639
 
3646
3640
  <code class="ruby"> end</code>
3647
3641
  </li>
3648
3642
 
3649
- <li class="never" data-hits="" data-linenumber="15">
3643
+ <li class="never" data-hits="" data-linenumber="14">
3650
3644
 
3651
3645
 
3652
3646
  <code class="ruby"></code>
3653
3647
  </li>
3654
3648
 
3655
- <li class="covered" data-hits="1" data-linenumber="16">
3649
+ <li class="covered" data-hits="1" data-linenumber="15">
3656
3650
  <span class="hits">1</span>
3657
3651
 
3658
3652
  <code class="ruby"> def stale?(maximum_age_duration, now = ::Time.zone.now)</code>
3659
3653
  </li>
3660
3654
 
3661
- <li class="never" data-hits="" data-linenumber="17">
3662
-
3663
-
3664
- <code class="ruby"> # @NOTE fix for history = 1, use updated_at</code>
3665
- </li>
3666
-
3667
- <li class="covered" data-hits="8" data-linenumber="18">
3655
+ <li class="covered" data-hits="8" data-linenumber="16">
3668
3656
  <span class="hits">8</span>
3669
3657
 
3670
- <code class="ruby"> now &gt; (updated_at + maximum_age_duration)</code>
3658
+ <code class="ruby"> now &gt; (created_at + maximum_age_duration)</code>
3671
3659
  </li>
3672
3660
 
3673
- <li class="never" data-hits="" data-linenumber="19">
3661
+ <li class="never" data-hits="" data-linenumber="17">
3674
3662
 
3675
3663
 
3676
3664
  <code class="ruby"> end</code>
3677
3665
  </li>
3678
3666
 
3679
- <li class="never" data-hits="" data-linenumber="20">
3667
+ <li class="never" data-hits="" data-linenumber="18">
3680
3668
 
3681
3669
 
3682
3670
  <code class="ruby"> end</code>
3683
3671
  </li>
3684
3672
 
3685
- <li class="never" data-hits="" data-linenumber="21">
3673
+ <li class="never" data-hits="" data-linenumber="19">
3686
3674
 
3687
3675
 
3688
3676
  <code class="ruby"> end</code>
3689
3677
  </li>
3690
3678
 
3691
- <li class="never" data-hits="" data-linenumber="22">
3679
+ <li class="never" data-hits="" data-linenumber="20">
3692
3680
 
3693
3681
 
3694
3682
  <code class="ruby">end</code>
@@ -9,7 +9,7 @@ GIT
9
9
  PATH
10
10
  remote: ..
11
11
  specs:
12
- devise-secure_password (1.0.4)
12
+ devise-secure_password (1.0.5)
13
13
  devise (>= 4.0.0, < 5.0.0)
14
14
  railties (>= 5.0.0, < 6.0.0)
15
15
 
@@ -9,7 +9,7 @@ GIT
9
9
  PATH
10
10
  remote: ..
11
11
  specs:
12
- devise-secure_password (1.0.4)
12
+ devise-secure_password (1.0.5)
13
13
  devise (>= 4.0.0, < 5.0.0)
14
14
  railties (>= 5.0.0, < 6.0.0)
15
15
 
@@ -12,19 +12,19 @@ require 'devise/secure_password/models/password_requires_regular_updates'
12
12
 
13
13
  module Devise
14
14
  # password_content_enforcement configuration parameters
15
- @password_required_uppercase_count = 0
16
- @password_required_lowercase_count = 0
17
- @password_required_number_count = 0
18
- @password_required_special_character_count = 0
15
+ @password_required_uppercase_count = 1
16
+ @password_required_lowercase_count = 1
17
+ @password_required_number_count = 1
18
+ @password_required_special_character_count = 1
19
19
 
20
20
  # password_frequent_reuse_prevention configuration parameters
21
- @password_previously_used_count = 1
21
+ @password_previously_used_count = 8
22
22
 
23
23
  # password_frequent_change_prevention configuration parameters
24
- @password_minimum_age = 0.days
24
+ @password_minimum_age = 1.day
25
25
 
26
26
  # password_regular_update_enforcement configuration parameters
27
- @password_maximum_age = 365.days
27
+ @password_maximum_age = 180.days
28
28
 
29
29
  class << self
30
30
  attr_accessor :password_required_uppercase_count
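Review bot: The stricter defaults set at the top of `module Devise` arrive in a patch release, so an application that never overrode them changes password policy on a routine `bundle update`; in particular `@password_maximum_age = 180.days` may expire passwords that were still valid under the previous 365-day default. The Changelog line "Configure more reasonable defaults" does not present this as a behaviour change, so I would say so there and add a comment above the block such as `# NOTE: these values apply to every model that enables the module and does not override them in Devise.setup.` Mandatory character classes and forced periodic rotation are discouraged by NIST SP 800-63B, which is worth weighing against the Microsoft and CMU guidance the README cites. Style: this file writes `1.day` while the README and the generator template write `1.days`; the module body continues past the end of the hunk.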
@@ -3,17 +3,17 @@ module Devise
3
3
  class PreviousPassword < ::ActiveRecord::Base
4
4
  self.table_name = 'previous_passwords'
5
5
  belongs_to :user
6
- default_scope -> { order(created_at: :desc) }
6
+ default_scope -> { order(id: :desc) }
7
7
  validates :user_id, presence: true
8
8
  validates :salt, presence: true
9
9
  validates :encrypted_password, presence: true
10
10
 
11
11
  def fresh?(minimum_age_duration, now = ::Time.zone.now)
12
- now <= (updated_at + minimum_age_duration)
12
+ now <= (created_at + minimum_age_duration)
13
13
  end
14
14
 
15
15
  def stale?(maximum_age_duration, now = ::Time.zone.now)
16
- now > (updated_at + maximum_age_duration)
16
+ now > (created_at + maximum_age_duration)
17
17
  end
18
18
  end
19
19
  end
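Review bot: `fresh?` and `stale?` measure age from `created_at` again, and the `# @NOTE fix for history = 1, use updated_at` comment that 1.0.4 carried (visible in the coverage listing) is removed without a replacement, so the reason for the earlier fix is no longer recorded anywhere in the file. If a previous_passwords row can be updated in place rather than inserted, which that note seems to imply for a history of 1, `created_at` will not move and both the minimum-age and maximum-age checks would be evaluated against an outdated timestamp; the code that writes these rows is not in this hunk, so this needs confirming, ideally with a spec that sets `password_previously_used_count = 1`. `order(id: :desc)` also assumes primary keys increase with insertion time, which would not hold for UUID keys. I would document the boundaries with one comment per method, e.g. `# true while now is at or before created_at + minimum_age_duration` and `# true only once now is strictly after created_at + maximum_age_duration`.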
@@ -1,5 +1,5 @@
1
1
  module Devise
2
2
  module SecurePassword
3
- VERSION = '1.0.4'.freeze
3
+ VERSION = '1.0.5'.freeze
4
4
  end
5
5
  end
@@ -10,34 +10,34 @@ Devise.setup do |config|
10
10
  # standard configuration parameter.
11
11
 
12
12
  # The number of uppercase letters (latin A-Z) required in a password:
13
- # config.password_required_uppercase_count = 0
13
+ # config.password_required_uppercase_count = 1
14
14
 
15
15
  # The number of lowercase letters (latin A-Z) required in a password:
16
- # config.password_required_lowercase_count = 0
16
+ # config.password_required_lowercase_count = 1
17
17
 
18
18
  # The number of numbers (0-9) required in a password:
19
- # config.password_required_number_count = 0
19
+ # config.password_required_number_count = 1
20
20
 
21
21
  # The number of special characters (!@#$%^&*()_+-=[]{}|') required in a password:
22
- # config.password_required_special_character_count = 0
22
+ # config.password_required_special_character_count = 1
23
23
 
24
24
  # ==> Configuration for the Devise Secure Password extension
25
25
  # Module: password_disallows_frequent_reuse
26
26
  #
27
27
  # The number of previously used passwords that can not be reused:
28
- # config.password_previously_used_count = 1
28
+ # config.password_previously_used_count = 8
29
29
 
30
30
  # ==> Configuration for the Devise Secure Password extension
31
31
  # Module: password_disallows_frequent_changes
32
32
  # *Requires* password_disallows_frequent_reuse
33
33
  #
34
34
  # The minimum time that must pass between password changes:
35
- # config.password_minimum_age = 0.days
35
+ # config.password_minimum_age = 1.days
36
36
 
37
37
  # ==> Configuration for the Devise Secure Password extension
38
38
  # Module: password_requires_regular_updates
39
39
  # *Requires* password_disallows_frequent_reuse
40
40
  #
41
41
  # The maximum allowed age of a password:
42
- # config.password_maximum_age = 365.days
42
+ # config.password_maximum_age = 180.days
43
43
  end
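Review bot: The comment above `password_required_lowercase_count` says `(latin A-Z)`; it should read `# The number of lowercase letters (latin a-z) required in a password:`, and the README hunk for `Devise.setup` has the same wording. The template writes `1.days` where the library default is written `1.day`; the values are equal, but one spelling throughout would read better. Because every setting is commented out, one added line such as `# Values shown are the gem defaults; uncomment a line to override it.` would make clear that leaving the file untouched still enforces them. The `Devise.setup` block opens above the hunk.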
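--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: devise-secure_password
  version: !ruby/object:Gem::Version
- version: 1.0.4
+ version: 1.0.5
  platform: ruby
  authors:
  - Mark Eissler
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2018-04-29 00:00:00.000000000 Z
+ date: 2018-04-30 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: devise
@@ -412,6 +412,7 @@ extensions: []
  extra_rdoc_files: []
  files:
  - "./CODE_OF_CONDUCT.md"
+ - "./Changelog.md"
  - "./Dockerfile"
  - "./Dockerfile.prev"
  - "./Gemfile"
@@ -472,6 +473,7 @@ files:
  - "./lib/generators/devise/templates/secure_password.rb"
  - "./lib/support/string/character_counter.rb"
  - "./pkg/devise-secure_password-1.0.3.gem"
+ - "./pkg/devise-secure_password-1.0.4.gem"
  homepage: https://github.com/valimail/devise-secure_password
  licenses:
  - MIT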