RubyGems - devise-secure_password - Versions diffs - 1.0.7 → 1.0.8 - Mend

devise-secure_password 1.0.7 → 1.0.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (47) hide show

data/gemfiles/rails-5_1.gemfile.lock CHANGED Viewed

@@ -9,7 +9,7 @@ GIT
 PATH
   remote: ..
   specs:
-    devise-secure_password (1.0.6)
+    devise-secure_password (1.0.8)
       devise (>= 4.0.0, < 5.0.0)
       railties (>= 5.0.0, < 6.0.0)
@@ -94,7 +94,7 @@ GEM
     erubi (1.7.1)
     erubis (2.7.0)
     execjs (2.7.0)
-    ffi (1.9.23)
+    ffi (1.9.25)
     flay (2.12.0)
       erubis (~> 2.7.0)
       path_expander (~> 1.0)
@@ -105,6 +105,7 @@ GEM
     hirb (0.7.3)
     i18n (1.0.1)
       concurrent-ruby (~> 1.0)
+    jaro_winkler (1.5.1)
     json (2.1.0)
     launchy (2.4.3)
       addressable (~> 2.3)
@@ -126,7 +127,7 @@ GEM
     parser (2.5.1.0)
       ast (~> 2.4.0)
     path_expander (1.0.3)
-    powerpack (0.1.1)
+    powerpack (0.1.2)
     public_suffix (3.0.2)
     rack (2.0.5)
     rack-test (1.0.0)
@@ -184,9 +185,10 @@ GEM
       rspec-mocks (~> 3.7.0)
       rspec-support (~> 3.7.0)
     rspec-support (3.7.1)
-    rspec_junit_formatter (0.3.0)
+    rspec_junit_formatter (0.4.1)
       rspec-core (>= 2, < 4, != 2.12.0)
-    rubocop (0.56.0)
+    rubocop (0.57.2)
+      jaro_winkler (~> 1.5.1)
       parallel (~> 1.10)
       parser (>= 2.5)
       powerpack (~> 0.1)
@@ -240,13 +242,13 @@ GEM
     tilt (2.0.8)
     tzinfo (1.2.5)
       thread_safe (~> 0.1)
-    unicode-display_width (1.3.2)
+    unicode-display_width (1.4.0)
     warden (1.2.7)
       rack (>= 1.0)
     websocket-driver (0.6.5)
       websocket-extensions (>= 0.1.0)
     websocket-extensions (0.1.3)
-    xpath (3.0.0)
+    xpath (3.1.0)
       nokogiri (~> 1.8)
 PLATFORMS

data/gemfiles/rails-5_1_4.gemfile.lock ADDED Viewed

@@ -0,0 +1,282 @@
+GIT
+  remote: https://github.com/thoughtbot/shoulda-matchers.git
+  revision: 4b160bd19ecca7f97d7ac22dccd5fde9b0da5a9f
+  branch: rails-5
+  specs:
+    shoulda-matchers (3.1.2)
+      activesupport (>= 4.2.0)
+PATH
+  remote: ..
+  specs:
+    devise-secure_password (1.0.5)
+      devise (>= 4.0.0, < 5.0.0)
+      railties (>= 5.0.0, < 6.0.0)
+GEM
+  remote: https://rubygems.org/
+  specs:
+    actioncable (5.1.6)
+      actionpack (= 5.1.6)
+      nio4r (~> 2.0)
+      websocket-driver (~> 0.6.1)
+    actionmailer (5.1.6)
+      actionpack (= 5.1.6)
+      actionview (= 5.1.6)
+      activejob (= 5.1.6)
+      mail (~> 2.5, >= 2.5.4)
+      rails-dom-testing (~> 2.0)
+    actionpack (5.1.6)
+      actionview (= 5.1.6)
+      activesupport (= 5.1.6)
+      rack (~> 2.0)
+      rack-test (>= 0.6.3)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.0, >= 1.0.2)
+    actionview (5.1.6)
+      activesupport (= 5.1.6)
+      builder (~> 3.1)
+      erubi (~> 1.4)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.0, >= 1.0.3)
+    activejob (5.1.6)
+      activesupport (= 5.1.6)
+      globalid (>= 0.3.6)
+    activemodel (5.1.6)
+      activesupport (= 5.1.6)
+    activerecord (5.1.6)
+      activemodel (= 5.1.6)
+      activesupport (= 5.1.6)
+      arel (~> 8.0)
+    activesupport (5.1.6)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 0.7, < 2)
+      minitest (~> 5.1)
+      tzinfo (~> 1.1)
+    addressable (2.5.2)
+      public_suffix (>= 2.0.2, < 4.0)
+    ansi (1.5.0)
+    arel (8.0.0)
+    ast (2.4.0)
+    bcrypt (3.1.11)
+    builder (3.2.3)
+    byebug (10.0.2)
+    capybara (2.18.0)
+      addressable
+      mini_mime (>= 0.1.3)
+      nokogiri (>= 1.3.3)
+      rack (>= 1.0.0)
+      rack-test (>= 0.5.4)
+      xpath (>= 2.0, < 4.0)
+    capybara-screenshot (1.0.19)
+      capybara (>= 1.0, < 4)
+      launchy
+    childprocess (0.9.0)
+      ffi (~> 1.0, >= 1.0.11)
+    coffee-rails (4.2.2)
+      coffee-script (>= 2.2.0)
+      railties (>= 4.0.0)
+    coffee-script (2.4.1)
+      coffee-script-source
+      execjs
+    coffee-script-source (1.12.2)
+    concurrent-ruby (1.0.5)
+    crass (1.0.4)
+    database_cleaner (1.7.0)
+    devise (4.4.3)
+      bcrypt (~> 3.0)
+      orm_adapter (~> 0.1)
+      railties (>= 4.1.0, < 6.0)
+      responders
+      warden (~> 1.2.3)
+    diff-lcs (1.3)
+    docile (1.1.5)
+    erubi (1.7.1)
+    erubis (2.7.0)
+    execjs (2.7.0)
+    ffi (1.9.23)
+    flay (2.11.0)
+      erubis (~> 2.7.0)
+      path_expander (~> 1.0)
+      ruby_parser (~> 3.0)
+      sexp_processor (~> 4.0)
+    globalid (0.4.1)
+      activesupport (>= 4.2.0)
+    hirb (0.7.3)
+    i18n (1.0.1)
+      concurrent-ruby (~> 1.0)
+    json (2.1.0)
+    launchy (2.4.3)
+      addressable (~> 2.3)
+    libv8 (3.16.14.19)
+    loofah (2.2.2)
+      crass (~> 1.0.2)
+      nokogiri (>= 1.5.9)
+    mail (2.7.0)
+      mini_mime (>= 0.1.1)
+    method_source (0.9.0)
+    mini_mime (1.0.0)
+    mini_portile2 (2.3.0)
+    minitest (5.11.3)
+    nio4r (2.3.0)
+    nokogiri (1.8.2)
+      mini_portile2 (~> 2.3.0)
+    orm_adapter (0.5.0)
+    parallel (1.12.1)
+    parser (2.5.1.0)
+      ast (~> 2.4.0)
+    path_expander (1.0.3)
+    powerpack (0.1.1)
+    public_suffix (3.0.2)
+    rack (2.0.5)
+    rack-test (1.0.0)
+      rack (>= 1.0, < 3)
+    rails (5.1.6)
+      actioncable (= 5.1.6)
+      actionmailer (= 5.1.6)
+      actionpack (= 5.1.6)
+      actionview (= 5.1.6)
+      activejob (= 5.1.6)
+      activemodel (= 5.1.6)
+      activerecord (= 5.1.6)
+      activesupport (= 5.1.6)
+      bundler (>= 1.3.0)
+      railties (= 5.1.6)
+      sprockets-rails (>= 2.0.0)
+    rails-dom-testing (2.0.3)
+      activesupport (>= 4.2.0)
+      nokogiri (>= 1.6)
+    rails-html-sanitizer (1.0.4)
+      loofah (~> 2.2, >= 2.2.2)
+    railties (5.1.6)
+      actionpack (= 5.1.6)
+      activesupport (= 5.1.6)
+      method_source
+      rake (>= 0.8.7)
+      thor (>= 0.18.1, < 2.0)
+    rainbow (3.0.0)
+    rake (12.3.1)
+    rb-fsevent (0.10.3)
+    rb-inotify (0.9.10)
+      ffi (>= 0.5.0, < 2)
+    ref (2.0.0)
+    responders (2.4.0)
+      actionpack (>= 4.2.0, < 5.3)
+      railties (>= 4.2.0, < 5.3)
+    rspec (3.7.0)
+      rspec-core (~> 3.7.0)
+      rspec-expectations (~> 3.7.0)
+      rspec-mocks (~> 3.7.0)
+    rspec-core (3.7.1)
+      rspec-support (~> 3.7.0)
+    rspec-expectations (3.7.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.7.0)
+    rspec-mocks (3.7.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.7.0)
+    rspec-rails (3.7.2)
+      actionpack (>= 3.0)
+      activesupport (>= 3.0)
+      railties (>= 3.0)
+      rspec-core (~> 3.7.0)
+      rspec-expectations (~> 3.7.0)
+      rspec-mocks (~> 3.7.0)
+      rspec-support (~> 3.7.0)
+    rspec-support (3.7.1)
+    rspec_junit_formatter (0.3.0)
+      rspec-core (>= 2, < 4, != 2.12.0)
+    rubocop (0.55.0)
+      parallel (~> 1.10)
+      parser (>= 2.5)
+      powerpack (~> 0.1)
+      rainbow (>= 2.2.2, < 4.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (~> 1.0, >= 1.0.1)
+    ruby-progressbar (1.9.0)
+    ruby2ruby (2.4.1)
+      ruby_parser (~> 3.1)
+      sexp_processor (~> 4.6)
+    ruby_parser (3.11.0)
+      sexp_processor (~> 4.9)
+    rubyzip (1.2.1)
+    sass (3.5.6)
+      sass-listen (~> 4.0.0)
+    sass-listen (4.0.0)
+      rb-fsevent (~> 0.9, >= 0.9.4)
+      rb-inotify (~> 0.9, >= 0.9.7)
+    sass-rails (5.0.7)
+      railties (>= 4.0.0, < 6)
+      sass (~> 3.1)
+      sprockets (>= 2.8, < 4.0)
+      sprockets-rails (>= 2.0, < 4.0)
+      tilt (>= 1.1, < 3)
+    selenium-webdriver (3.11.0)
+      childprocess (~> 0.5)
+      rubyzip (~> 1.2)
+    sexp_processor (4.11.0)
+    simplecov (0.15.1)
+      docile (~> 1.1.0)
+      json (>= 1.8, < 3)
+      simplecov-html (~> 0.10.0)
+    simplecov-console (0.4.2)
+      ansi
+      hirb
+      simplecov
+    simplecov-html (0.10.2)
+    sprockets (3.7.1)
+      concurrent-ruby (~> 1.0)
+      rack (> 1, < 3)
+    sprockets-rails (3.2.1)
+      actionpack (>= 4.0)
+      activesupport (>= 4.0)
+      sprockets (>= 3.0.0)
+    sqlite3 (1.3.13)
+    therubyracer (0.12.3)
+      libv8 (~> 3.16.14.15)
+      ref
+    thor (0.20.0)
+    thread_safe (0.3.6)
+    tilt (2.0.8)
+    tzinfo (1.2.5)
+      thread_safe (~> 0.1)
+    unicode-display_width (1.3.2)
+    warden (1.2.7)
+      rack (>= 1.0)
+    websocket-driver (0.6.5)
+      websocket-extensions (>= 0.1.0)
+    websocket-extensions (0.1.3)
+    xpath (3.0.0)
+      nokogiri (~> 1.8)
+PLATFORMS
+  ruby
+DEPENDENCIES
+  bundler (~> 1.16, >= 1.16.1)
+  byebug
+  capybara (~> 2.16, >= 2.16.1)
+  capybara-screenshot (~> 1.0, >= 1.0.18)
+  coffee-rails (~> 4.2)
+  database_cleaner (~> 1.6, >= 1.6.2)
+  devise (~> 4.0)
+  devise-secure_password!
+  flay (~> 2.10, >= 2.10.0)
+  launchy (~> 2.4, >= 2.4.3)
+  rails (~> 5.1.0)
+  rake (~> 12.3)
+  rspec (~> 3.7)
+  rspec-rails (~> 3.7)
+  rspec_junit_formatter (~> 0.3)
+  rubocop (>= 0.49.0)
+  ruby2ruby (~> 2.4, >= 2.4.0)
+  sass-rails (~> 5.0)
+  selenium-webdriver (~> 3.7, >= 3.7.0)
+  shoulda-matchers!
+  simplecov (~> 0.15.1)
+  simplecov-console (~> 0.4.2)
+  sqlite3 (~> 1.3, >= 1.3.13)
+  therubyracer (~> 0.12.3)
+BUNDLED WITH
+   1.16.1

data/lib/devise/secure_password.rb CHANGED Viewed

@@ -9,6 +9,7 @@ require 'devise/secure_password/models/password_has_required_content'
 require 'devise/secure_password/models/password_disallows_frequent_reuse'
 require 'devise/secure_password/models/password_disallows_frequent_changes'
 require 'devise/secure_password/models/password_requires_regular_updates'
+require 'devise/secure_password/grammar'
 module Devise
   # password_content_enforcement configuration parameters

data/lib/devise/secure_password/controllers/helpers.rb CHANGED Viewed

@@ -5,6 +5,8 @@ module Devise
         extend ActiveSupport::Concern
         included do
+          include Devise::SecurePassword::Grammar
           before_action :authenticate_secure_password!, unless: :devise_controller?
         end
@@ -32,7 +34,7 @@ module Devise
         def error_string_for_password_expired
           I18n.t(
             'secure_password.password_requires_regular_updates.errors.messages.password_expired',
-            timeframe: distance_of_time_in_words(warden.user.class.password_maximum_age)
+            timeframe: precise_distance_of_time_in_words(warden.user.class.password_maximum_age)
           )
         end

data/lib/devise/secure_password/grammar.rb ADDED Viewed

@@ -0,0 +1,13 @@
+# lib/support/string/grammar.rb
+#
+module Devise
+  module SecurePassword
+    module Grammar
+      # distance_in_words without determiner words: about, almost, over, etc.
+      def precise_distance_of_time_in_words(from_time, to_time = 0, options = {})
+        precise_options = { scope: :'secure_password.datetime.precise_distance_in_words' }
+        distance_of_time_in_words(from_time, to_time, options.merge!(precise_options))
+      end
+    end
+  end
+end

data/lib/devise/secure_password/models/password_disallows_frequent_changes.rb CHANGED Viewed

@@ -7,6 +7,8 @@ module Devise
       included do
         include ActionView::Helpers::DateHelper
+        include Devise::SecurePassword::Grammar
         validate :validate_password_frequent_change, if: :password_required?
         set_callback(:initialize, :before, :before_resource_initialized)
@@ -17,7 +19,7 @@ module Devise
         if encrypted_password_changed? && password_recent?
           error_string = I18n.t(
             'secure_password.password_disallows_frequent_changes.errors.messages.password_is_recent',
-            timeframe: distance_of_time_in_words(self.class.password_minimum_age)
+            timeframe: precise_distance_of_time_in_words(self.class.password_minimum_age)
           )
           errors.add(:base, error_string)
         end

data/lib/devise/secure_password/models/password_has_required_content.rb CHANGED Viewed

@@ -10,24 +10,37 @@ module Devise
       included do
         validate :validate_password_content, if: :password_required?
         validate :validate_password_confirmation_content, if: :password_required?
+        validate :validate_password_confirmation, if: :password_required?
       end
       def validate_password_content
         self.password ||= ''
+        errors.delete(:password)
         validate_password_content_for(:password)
         errors[:password].count.zero?
       end
       def validate_password_confirmation_content
-        self.password_confirmation ||= ''
+        return true if password_confirmation.nil? # rails skips password_confirmation validation if nil!
+        errors.delete(:password_confirmation)
         validate_password_content_for(:password_confirmation)
         errors[:password_confirmation].count.zero?
       end
+      def validate_password_confirmation
+        return true if password_confirmation.nil? # rails skips password_confirmation validation if nil!
+        unless password == password_confirmation
+          human_attribute_name = self.class.human_attribute_name(:password)
+          errors.add(:password_confirmation, :confirmation, attribute: human_attribute_name)
+        end
+        errors[:password_confirmation].count.zero?
+      end
       def validate_password_content_for(attr)
         return unless respond_to?(attr) && !(password_obj = send(attr)).nil?
         ::Support::String::CharacterCounter.new.count(password_obj).each do |type, dict|
           error_string =  case type
+                          when :length then validate_length(dict[:count])
                           when :unknown then validate_unknown(dict)
                           else validate_type(type, dict)
                           end
@@ -47,14 +60,33 @@ module Devise
       def validate_type(type, dict)
         type_total = dict.values.reduce(0, :+)
         error_string = if type_total < required_char_counts_for_type(type)[:min]
-                         error_string_for_length(type, :min)
+                         error_string_for_type_length(type, :min)
                        elsif type_total > required_char_counts_for_type(type)[:max]
-                         error_string_for_length(type, :max)
+                         error_string_for_type_length(type, :max)
                        end
         error_string
       end
-      def error_string_for_length(type, threshold = :min)
+      def validate_length(dict)
+        if dict < Devise.password_length.min
+          error_string_for_length(:min)
+        elsif dict > Devise.password_length.max
+          error_string_for_length(:max)
+        end
+      end
+      def error_string_for_length(threshold = :min)
+        lang_key = case threshold
+                   when :min then 'secure_password.password_has_required_content.errors.messages.minimum_length'
+                   when :max then 'secure_password.password_has_required_content.errors.messages.maximum_length'
+                   else return ''
+                   end
+        count = required_char_counts_for_type(:length)[threshold]
+        I18n.t(lang_key, count: count, subject: 'character'.pluralize(count))
+      end
+      def error_string_for_type_length(type, threshold = :min)
         lang_key = case threshold
                    when :min then 'secure_password.password_has_required_content.errors.messages.minimum_characters'
                    when :max then 'secure_password.password_has_required_content.errors.messages.maximum_characters'
@@ -101,6 +133,10 @@ module Devise
         def config
           {
             REQUIRED_CHAR_COUNTS: {
+              length: {
+                min: Devise.password_length.min,
+                max: Devise.password_length.max
+              },
               uppercase: {
                 min: password_required_uppercase_count,
                 max: LENGTH_MAX