RubyGems - devise-secure_password - Versions diffs - 1.0.7 → 1.0.8 - Mend

devise-secure_password 1.0.7 → 1.0.8

Files changed (47) hide show

data/gemfiles/rails-5_1.gemfile.lock CHANGED Viewed

@@ -9,7 +9,7 @@ GIT
 PATH
   remote: ..
   specs:
-    devise-secure_password (1.0.6)
+    devise-secure_password (1.0.8)
       devise (>= 4.0.0, < 5.0.0)
       railties (>= 5.0.0, < 6.0.0)
@@ -94,7 +94,7 @@ GEM
     erubi (1.7.1)
     erubis (2.7.0)
     execjs (2.7.0)
-    ffi (1.9.23)
+    ffi (1.9.25)
     flay (2.12.0)
       erubis (~> 2.7.0)
       path_expander (~> 1.0)
@@ -105,6 +105,7 @@ GEM
     hirb (0.7.3)
     i18n (1.0.1)
       concurrent-ruby (~> 1.0)
+    jaro_winkler (1.5.1)
     json (2.1.0)
     launchy (2.4.3)
       addressable (~> 2.3)
@@ -126,7 +127,7 @@ GEM
     parser (2.5.1.0)
       ast (~> 2.4.0)
     path_expander (1.0.3)
-    powerpack (0.1.1)
+    powerpack (0.1.2)
     public_suffix (3.0.2)
     rack (2.0.5)
     rack-test (1.0.0)
@@ -184,9 +185,10 @@ GEM
       rspec-mocks (~> 3.7.0)
       rspec-support (~> 3.7.0)
     rspec-support (3.7.1)
-    rspec_junit_formatter (0.3.0)
+    rspec_junit_formatter (0.4.1)
       rspec-core (>= 2, < 4, != 2.12.0)
-    rubocop (0.56.0)
+    rubocop (0.57.2)
+      jaro_winkler (~> 1.5.1)
       parallel (~> 1.10)
       parser (>= 2.5)
       powerpack (~> 0.1)
@@ -240,13 +242,13 @@ GEM
     tilt (2.0.8)
     tzinfo (1.2.5)
       thread_safe (~> 0.1)
-    unicode-display_width (1.3.2)
+    unicode-display_width (1.4.0)
     warden (1.2.7)
       rack (>= 1.0)
     websocket-driver (0.6.5)
       websocket-extensions (>= 0.1.0)
     websocket-extensions (0.1.3)
-    xpath (3.0.0)
+    xpath (3.1.0)
       nokogiri (~> 1.8)
 PLATFORMS

data/gemfiles/rails-5_1_4.gemfile.lock ADDED Viewed

@@ -0,0 +1,282 @@
+GIT
+  remote: https://github.com/thoughtbot/shoulda-matchers.git
+  revision: 4b160bd19ecca7f97d7ac22dccd5fde9b0da5a9f
+  branch: rails-5
+  specs:
+    shoulda-matchers (3.1.2)
+      activesupport (>= 4.2.0)
+PATH
+  remote: ..
+  specs:
+    devise-secure_password (1.0.5)
+      devise (>= 4.0.0, < 5.0.0)
+      railties (>= 5.0.0, < 6.0.0)
+GEM
+  remote: https://rubygems.org/
+  specs:
+    actioncable (5.1.6)
+      actionpack (= 5.1.6)
+      nio4r (~> 2.0)
+      websocket-driver (~> 0.6.1)
+    actionmailer (5.1.6)
+      actionpack (= 5.1.6)
+      actionview (= 5.1.6)
+      activejob (= 5.1.6)
+      mail (~> 2.5, >= 2.5.4)
+      rails-dom-testing (~> 2.0)
+    actionpack (5.1.6)
+      actionview (= 5.1.6)
+      activesupport (= 5.1.6)
+      rack (~> 2.0)
+      rack-test (>= 0.6.3)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.0, >= 1.0.2)
+    actionview (5.1.6)
+      activesupport (= 5.1.6)
+      builder (~> 3.1)
+      erubi (~> 1.4)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.0, >= 1.0.3)
+    activejob (5.1.6)
+      activesupport (= 5.1.6)
+      globalid (>= 0.3.6)
+    activemodel (5.1.6)
+      activesupport (= 5.1.6)
+    activerecord (5.1.6)
+      activemodel (= 5.1.6)
+      activesupport (= 5.1.6)
+      arel (~> 8.0)
+    activesupport (5.1.6)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 0.7, < 2)
+      minitest (~> 5.1)
+      tzinfo (~> 1.1)
+    addressable (2.5.2)
+      public_suffix (>= 2.0.2, < 4.0)
+    ansi (1.5.0)
+    arel (8.0.0)
+    ast (2.4.0)
+    bcrypt (3.1.11)
+    builder (3.2.3)
+    byebug (10.0.2)
+    capybara (2.18.0)
+      addressable
+      mini_mime (>= 0.1.3)
+      nokogiri (>= 1.3.3)
+      rack (>= 1.0.0)
+      rack-test (>= 0.5.4)
+      xpath (>= 2.0, < 4.0)
+    capybara-screenshot (1.0.19)
+      capybara (>= 1.0, < 4)
+      launchy
+    childprocess (0.9.0)
+      ffi (~> 1.0, >= 1.0.11)
+    coffee-rails (4.2.2)
+      coffee-script (>= 2.2.0)
+      railties (>= 4.0.0)
+    coffee-script (2.4.1)
+      coffee-script-source
+      execjs
+    coffee-script-source (1.12.2)
+    concurrent-ruby (1.0.5)
+    crass (1.0.4)
+    database_cleaner (1.7.0)
+    devise (4.4.3)
+      bcrypt (~> 3.0)
+      orm_adapter (~> 0.1)
+      railties (>= 4.1.0, < 6.0)
+      responders
+      warden (~> 1.2.3)
+    diff-lcs (1.3)
+    docile (1.1.5)
+    erubi (1.7.1)
+    erubis (2.7.0)
+    execjs (2.7.0)
+    ffi (1.9.23)
+    flay (2.11.0)
+      erubis (~> 2.7.0)
+      path_expander (~> 1.0)
+      ruby_parser (~> 3.0)
+      sexp_processor (~> 4.0)
+    globalid (0.4.1)
+      activesupport (>= 4.2.0)
+    hirb (0.7.3)
+    i18n (1.0.1)
+      concurrent-ruby (~> 1.0)
+    json (2.1.0)
+    launchy (2.4.3)
+      addressable (~> 2.3)
+    libv8 (3.16.14.19)
+    loofah (2.2.2)
+      crass (~> 1.0.2)
+      nokogiri (>= 1.5.9)
+    mail (2.7.0)
+      mini_mime (>= 0.1.1)
+    method_source (0.9.0)
+    mini_mime (1.0.0)
+    mini_portile2 (2.3.0)
+    minitest (5.11.3)
+    nio4r (2.3.0)
+    nokogiri (1.8.2)
+      mini_portile2 (~> 2.3.0)
+    orm_adapter (0.5.0)
+    parallel (1.12.1)
+    parser (2.5.1.0)
+      ast (~> 2.4.0)
+    path_expander (1.0.3)
+    powerpack (0.1.1)
+    public_suffix (3.0.2)
+    rack (2.0.5)
+    rack-test (1.0.0)
+      rack (>= 1.0, < 3)
+    rails (5.1.6)
+      actioncable (= 5.1.6)
+      actionmailer (= 5.1.6)
+      actionpack (= 5.1.6)
+      actionview (= 5.1.6)
+      activejob (= 5.1.6)
+      activemodel (= 5.1.6)
+      activerecord (= 5.1.6)
+      activesupport (= 5.1.6)
+      bundler (>= 1.3.0)
+      railties (= 5.1.6)
+      sprockets-rails (>= 2.0.0)
+    rails-dom-testing (2.0.3)
+      activesupport (>= 4.2.0)
+      nokogiri (>= 1.6)
+    rails-html-sanitizer (1.0.4)
+      loofah (~> 2.2, >= 2.2.2)
+    railties (5.1.6)
+      actionpack (= 5.1.6)
+      activesupport (= 5.1.6)
+      method_source
+      rake (>= 0.8.7)
+      thor (>= 0.18.1, < 2.0)
+    rainbow (3.0.0)
+    rake (12.3.1)
+    rb-fsevent (0.10.3)
+    rb-inotify (0.9.10)
+      ffi (>= 0.5.0, < 2)
+    ref (2.0.0)
+    responders (2.4.0)
+      actionpack (>= 4.2.0, < 5.3)
+      railties (>= 4.2.0, < 5.3)
+    rspec (3.7.0)
+      rspec-core (~> 3.7.0)
+      rspec-expectations (~> 3.7.0)
+      rspec-mocks (~> 3.7.0)
+    rspec-core (3.7.1)
+      rspec-support (~> 3.7.0)
+    rspec-expectations (3.7.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.7.0)
+    rspec-mocks (3.7.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.7.0)
+    rspec-rails (3.7.2)
+      actionpack (>= 3.0)
+      activesupport (>= 3.0)
+      railties (>= 3.0)
+      rspec-core (~> 3.7.0)
+      rspec-expectations (~> 3.7.0)
+      rspec-mocks (~> 3.7.0)
+      rspec-support (~> 3.7.0)
+    rspec-support (3.7.1)
+    rspec_junit_formatter (0.3.0)
+      rspec-core (>= 2, < 4, != 2.12.0)
+    rubocop (0.55.0)
+      parallel (~> 1.10)
+      parser (>= 2.5)
+      powerpack (~> 0.1)
+      rainbow (>= 2.2.2, < 4.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (~> 1.0, >= 1.0.1)
+    ruby-progressbar (1.9.0)
+    ruby2ruby (2.4.1)
+      ruby_parser (~> 3.1)
+      sexp_processor (~> 4.6)
+    ruby_parser (3.11.0)
+      sexp_processor (~> 4.9)
+    rubyzip (1.2.1)
+    sass (3.5.6)
+      sass-listen (~> 4.0.0)
+    sass-listen (4.0.0)
+      rb-fsevent (~> 0.9, >= 0.9.4)
+      rb-inotify (~> 0.9, >= 0.9.7)
+    sass-rails (5.0.7)
+      railties (>= 4.0.0, < 6)
+      sass (~> 3.1)
+      sprockets (>= 2.8, < 4.0)
+      sprockets-rails (>= 2.0, < 4.0)
+      tilt (>= 1.1, < 3)
+    selenium-webdriver (3.11.0)
+      childprocess (~> 0.5)
+      rubyzip (~> 1.2)
+    sexp_processor (4.11.0)
+    simplecov (0.15.1)
+      docile (~> 1.1.0)
+      json (>= 1.8, < 3)
+      simplecov-html (~> 0.10.0)
+    simplecov-console (0.4.2)
+      ansi
+      hirb
+      simplecov
+    simplecov-html (0.10.2)
+    sprockets (3.7.1)
+      concurrent-ruby (~> 1.0)
+      rack (> 1, < 3)
+    sprockets-rails (3.2.1)
+      actionpack (>= 4.0)
+      activesupport (>= 4.0)
+      sprockets (>= 3.0.0)
+    sqlite3 (1.3.13)
+    therubyracer (0.12.3)
+      libv8 (~> 3.16.14.15)
+      ref
+    thor (0.20.0)
+    thread_safe (0.3.6)
+    tilt (2.0.8)
+    tzinfo (1.2.5)
+      thread_safe (~> 0.1)
+    unicode-display_width (1.3.2)
+    warden (1.2.7)
+      rack (>= 1.0)
+    websocket-driver (0.6.5)
+      websocket-extensions (>= 0.1.0)
+    websocket-extensions (0.1.3)
+    xpath (3.0.0)
+      nokogiri (~> 1.8)
+PLATFORMS
+  ruby
+DEPENDENCIES
+  bundler (~> 1.16, >= 1.16.1)
+  byebug
+  capybara (~> 2.16, >= 2.16.1)
+  capybara-screenshot (~> 1.0, >= 1.0.18)
+  coffee-rails (~> 4.2)
+  database_cleaner (~> 1.6, >= 1.6.2)
+  devise (~> 4.0)
+  devise-secure_password!
+  flay (~> 2.10, >= 2.10.0)
+  launchy (~> 2.4, >= 2.4.3)
+  rails (~> 5.1.0)
+  rake (~> 12.3)
+  rspec (~> 3.7)
+  rspec-rails (~> 3.7)
+  rspec_junit_formatter (~> 0.3)
+  rubocop (>= 0.49.0)
+  ruby2ruby (~> 2.4, >= 2.4.0)
+  sass-rails (~> 5.0)
+  selenium-webdriver (~> 3.7, >= 3.7.0)
+  shoulda-matchers!
+  simplecov (~> 0.15.1)
+  simplecov-console (~> 0.4.2)
+  sqlite3 (~> 1.3, >= 1.3.13)
+  therubyracer (~> 0.12.3)
+BUNDLED WITH
+   1.16.1

data/lib/devise/secure_password.rb CHANGED Viewed

@@ -9,6 +9,7 @@ require 'devise/secure_password/models/password_has_required_content'
 require 'devise/secure_password/models/password_disallows_frequent_reuse'
 require 'devise/secure_password/models/password_disallows_frequent_changes'
 require 'devise/secure_password/models/password_requires_regular_updates'
+require 'devise/secure_password/grammar'
 module Devise
   # password_content_enforcement configuration parameters

data/lib/devise/secure_password/controllers/helpers.rb CHANGED Viewed

@@ -5,6 +5,8 @@ module Devise
         extend ActiveSupport::Concern
         included do
+          include Devise::SecurePassword::Grammar
           before_action :authenticate_secure_password!, unless: :devise_controller?
         end
@@ -32,7 +34,7 @@ module Devise
         def error_string_for_password_expired
           I18n.t(
             'secure_password.password_requires_regular_updates.errors.messages.password_expired',
-            timeframe: distance_of_time_in_words(warden.user.class.password_maximum_age)
+            timeframe: precise_distance_of_time_in_words(warden.user.class.password_maximum_age)
           )
         end

data/lib/devise/secure_password/grammar.rb ADDED Viewed

@@ -0,0 +1,13 @@
+# lib/support/string/grammar.rb
+#
+module Devise
+  module SecurePassword
+    module Grammar
+      # distance_in_words without determiner words: about, almost, over, etc.
+      def precise_distance_of_time_in_words(from_time, to_time = 0, options = {})
+        precise_options = { scope: :'secure_password.datetime.precise_distance_in_words' }
+        distance_of_time_in_words(from_time, to_time, options.merge!(precise_options))
+      end
+    end
+  end
+end

data/lib/devise/secure_password/models/password_disallows_frequent_changes.rb CHANGED Viewed

@@ -7,6 +7,8 @@ module Devise
       included do
         include ActionView::Helpers::DateHelper
+        include Devise::SecurePassword::Grammar
         validate :validate_password_frequent_change, if: :password_required?
         set_callback(:initialize, :before, :before_resource_initialized)
@@ -17,7 +19,7 @@ module Devise
         if encrypted_password_changed? && password_recent?
           error_string = I18n.t(
             'secure_password.password_disallows_frequent_changes.errors.messages.password_is_recent',
-            timeframe: distance_of_time_in_words(self.class.password_minimum_age)
+            timeframe: precise_distance_of_time_in_words(self.class.password_minimum_age)
           )
           errors.add(:base, error_string)
         end

data/lib/devise/secure_password/models/password_has_required_content.rb CHANGED Viewed

@@ -10,24 +10,37 @@ module Devise
       included do
         validate :validate_password_content, if: :password_required?
         validate :validate_password_confirmation_content, if: :password_required?
+        validate :validate_password_confirmation, if: :password_required?
       end
       def validate_password_content
         self.password ||= ''
+        errors.delete(:password)
         validate_password_content_for(:password)
         errors[:password].count.zero?
       end
       def validate_password_confirmation_content
-        self.password_confirmation ||= ''
+        return true if password_confirmation.nil? # rails skips password_confirmation validation if nil!
+        errors.delete(:password_confirmation)
         validate_password_content_for(:password_confirmation)
         errors[:password_confirmation].count.zero?
       end
+      def validate_password_confirmation
+        return true if password_confirmation.nil? # rails skips password_confirmation validation if nil!
+        unless password == password_confirmation
+          human_attribute_name = self.class.human_attribute_name(:password)
+          errors.add(:password_confirmation, :confirmation, attribute: human_attribute_name)
+        end
+        errors[:password_confirmation].count.zero?
+      end
       def validate_password_content_for(attr)
         return unless respond_to?(attr) && !(password_obj = send(attr)).nil?
         ::Support::String::CharacterCounter.new.count(password_obj).each do |type, dict|
           error_string =  case type
+                          when :length then validate_length(dict[:count])
                           when :unknown then validate_unknown(dict)
                           else validate_type(type, dict)
                           end
@@ -47,14 +60,33 @@ module Devise
       def validate_type(type, dict)
         type_total = dict.values.reduce(0, :+)
         error_string = if type_total < required_char_counts_for_type(type)[:min]
-                         error_string_for_length(type, :min)
+                         error_string_for_type_length(type, :min)
                        elsif type_total > required_char_counts_for_type(type)[:max]
-                         error_string_for_length(type, :max)
+                         error_string_for_type_length(type, :max)
                        end
         error_string
       end
-      def error_string_for_length(type, threshold = :min)
+      def validate_length(dict)
+        if dict < Devise.password_length.min
+          error_string_for_length(:min)
+        elsif dict > Devise.password_length.max
+          error_string_for_length(:max)
+        end
+      end
+      def error_string_for_length(threshold = :min)
+        lang_key = case threshold
+                   when :min then 'secure_password.password_has_required_content.errors.messages.minimum_length'
+                   when :max then 'secure_password.password_has_required_content.errors.messages.maximum_length'
+                   else return ''
+                   end
+        count = required_char_counts_for_type(:length)[threshold]
+        I18n.t(lang_key, count: count, subject: 'character'.pluralize(count))
+      end
+      def error_string_for_type_length(type, threshold = :min)
         lang_key = case threshold
                    when :min then 'secure_password.password_has_required_content.errors.messages.minimum_characters'
                    when :max then 'secure_password.password_has_required_content.errors.messages.maximum_characters'
@@ -101,6 +133,10 @@ module Devise
         def config
           {
             REQUIRED_CHAR_COUNTS: {
+              length: {
+                min: Devise.password_length.min,
+                max: Devise.password_length.max
+              },
               uppercase: {
                 min: password_required_uppercase_count,
                 max: LENGTH_MAX