devise-secure_password 2.0.1 → 2.2.0

data/app/controllers/devise/passwords_with_policy_controller.rb

@@ -63,7 +63,7 @@ module Devise
 
       # do what devise would do under normal circumstances but also be aware of
       # secure_password or other validators that would be ignored by devise.
-      result = if resource.errors.count.zero?
+      result = if resource.errors.none?
                  resource.update(params)
                else
                  false

data/devise-secure_password.gemspec

@@ -24,12 +24,16 @@ Gem::Specification.new do |spec|
   spec.files         = Dir['./**/*'].reject do |f|
     f.match(%r{^./(test|spec|features|lib/tasks)/|Gemfile.lock.ci})
   end
+
+  spec.metadata = {
+    'rubygems_mfa_required' => 'true'
+  }
+
   spec.executables   = spec.files.grep(%r{^bin/}).map { |f| File.basename(f) }
-  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ['lib']
 
-  spec.add_runtime_dependency 'devise', '>= 4.0.0', '< 5.0.0'
-  spec.add_runtime_dependency 'railties', '>= 5.0.0', '< 7.0.0'
+  spec.add_dependency 'devise', '>= 4.0.0', '< 5.0.0'
+  spec.add_dependency 'railties', '>= 5.0.0', '< 9.0.0'
 
   spec.add_development_dependency 'bundler',                 '>= 2.2.14'
   spec.add_development_dependency 'capybara',                '>= 3.35.3'
@@ -38,7 +42,7 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'devise',                  '~> 4.0'
   spec.add_development_dependency 'flay',                    '>= 2.10.0'
   spec.add_development_dependency 'launchy',                 '>= 2.4.3'
-  spec.add_development_dependency 'rails',                   '>= 5.2.0'
+  spec.add_development_dependency 'rails',                   '>= 7.0'
   spec.add_development_dependency 'rake',                    '>= 12.3'
   spec.add_development_dependency 'rspec',                   '>= 3.7'
   spec.add_development_dependency 'rspec_junit_formatter',   '>= 0.3'
@@ -50,7 +54,7 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'selenium-webdriver',      '>= 3.7.0'
   spec.add_development_dependency 'simplecov',               '>= 0.18.2'
   spec.add_development_dependency 'simplecov-console',       '>= 0.4.2'
-  spec.add_development_dependency 'sqlite3',                 '>= 1.3.13'
+  spec.add_development_dependency 'sqlite3',                 '>= 1.7.0'
 
-  spec.required_ruby_version = '>= 2.7'
+  spec.required_ruby_version = '>= 3.2'
 end

data/gemfiles/rails_7_0.gemfile

@@ -0,0 +1,67 @@
+source 'https://rubygems.org'
+git_source(:github) { |repo| "https://github.com/#{repo}.git" }
+
+ENV['RAILS_TARGET'] ||= '7.0'
+
+gemspec path: '../'
+
+# Bundle edge Rails instead: gem "rails", github: "rails/rails", branch: "main"
+gem 'rails', '~> 7.1.3', '>= 7.1.3.4'
+
+# The original asset pipeline for Rails [https://github.com/rails/sprockets-rails]
+gem 'sprockets-rails'
+
+# Use sqlite3 as the database for Active Record
+gem 'sqlite3', '~> 1.4'
+
+# Use the Puma web server [https://github.com/puma/puma]
+gem 'puma', '~> 6.0'
+
+# Use JavaScript with ESM import maps [https://github.com/rails/importmap-rails]
+gem 'importmap-rails'
+
+# Hotwire's SPA-like page accelerator [https://turbo.hotwired.dev]
+gem 'turbo-rails'
+
+# Hotwire's modest JavaScript framework [https://stimulus.hotwired.dev]
+gem 'stimulus-rails'
+
+# Build JSON APIs with ease [https://github.com/rails/jbuilder]
+gem 'jbuilder'
+
+# Use Redis adapter to run Action Cable in production
+# gem "redis", ">= 4.0.1"
+
+# Use Kredis to get higher-level data types in Redis [https://github.com/rails/kredis]
+# gem "kredis"
+
+# Use Active Model has_secure_password [https://guides.rubyonrails.org/active_model_basics.html#securepassword]
+# gem "bcrypt", "~> 3.1.7"
+
+# Windows does not include zoneinfo files, so bundle the tzinfo-data gem
+gem 'tzinfo-data', platforms: %i(windows jruby)
+
+# Reduces boot times through caching; required in config/boot.rb
+gem 'bootsnap', require: false
+
+# Use Active Storage variants [https://guides.rubyonrails.org/active_storage_overview.html#transforming-images]
+# gem "image_processing", "~> 1.2"
+
+group :development do
+  # Use console on exceptions pages [https://github.com/rails/web-console]
+  gem 'web-console'
+
+  # Speed up commands on slow machines / big apps [https://github.com/rails/spring]
+  # gem "spring"
+end
+
+group :test do
+  # Adds support for Capybara system testing and selenium driver
+  gem 'capybara', '>= 3.26'
+  gem 'codecov', require: false
+  gem 'selenium-webdriver'
+  gem 'shoulda-matchers'
+  # Easy installation and use of web drivers to run system tests with browsers
+  gem 'webdrivers'
+  gem 'webrick'
+end

data/gemfiles/rails_8_0.gemfile

@@ -0,0 +1,71 @@
+source 'https://rubygems.org'
+git_source(:github) { |repo| "https://github.com/#{repo}.git" }
+
+ENV['RAILS_TARGET'] ||= '8.0'
+
+gemspec path: '../'
+
+# Bundle edge Rails instead: gem "rails", github: "rails/rails", branch: "main"
+gem 'rails', '~> 8.0.2', '>= 8.0.2.1'
+# The modern asset pipeline for Rails [https://github.com/rails/propshaft]
+gem 'propshaft'
+# Use sqlite3 as the database for Active Record
+gem 'sqlite3', '>= 2.1'
+# Use the Puma web server [https://github.com/puma/puma]
+gem 'puma', '~> 6.0'
+# Use JavaScript with ESM import maps [https://github.com/rails/importmap-rails]
+gem 'importmap-rails'
+# Hotwire's SPA-like page accelerator [https://turbo.hotwired.dev]
+gem 'turbo-rails'
+# Hotwire's modest JavaScript framework [https://stimulus.hotwired.dev]
+gem 'stimulus-rails'
+# Build JSON APIs with ease [https://github.com/rails/jbuilder]
+gem 'jbuilder'
+
+# Use Active Model has_secure_password [https://guides.rubyonrails.org/active_model_basics.html#securepassword]
+# gem "bcrypt", "~> 3.1.7"
+
+# Windows does not include zoneinfo files, so bundle the tzinfo-data gem
+gem 'tzinfo-data', platforms: %i(windows jruby)
+
+# Use the database-backed adapters for Rails.cache, Active Job, and Action Cable
+gem 'solid_cable'
+gem 'solid_cache'
+gem 'solid_queue'
+
+# Reduces boot times through caching; required in config/boot.rb
+gem 'bootsnap', require: false
+
+# Deploy this application anywhere as a Docker container [https://kamal-deploy.org]
+gem 'kamal', require: false
+
+# Add HTTP asset caching/compression and X-Sendfile acceleration to Puma [https://github.com/basecamp/thruster/]
+gem 'thruster', require: false
+
+# Use Active Storage variants [https://guides.rubyonrails.org/active_storage_overview.html#transforming-images]
+# gem "image_processing", "~> 1.2"
+
+group :development, :test do
+  # See https://guides.rubyonrails.org/debugging_rails_applications.html#debugging-with-the-debug-gem
+  gem 'debug', platforms: %i(mri windows), require: 'debug/prelude'
+
+  # Static analysis for security vulnerabilities [https://brakemanscanner.org/]
+  gem 'brakeman', require: false
+
+  # Omakase Ruby styling [https://github.com/rails/rubocop-rails-omakase/]
+  gem 'rubocop-rails-omakase', require: false
+end
+
+group :development do
+  # Use console on exceptions pages [https://github.com/rails/web-console]
+  gem 'web-console'
+end
+
+group :test do
+  # Use system testing [https://guides.rubyonrails.org/testing.html#system-testing]
+  gem 'capybara'
+  gem 'codecov', require: false
+  gem 'selenium-webdriver'
+  gem 'shoulda-matchers'
+  gem 'webrick'
+end

data/lib/devise/secure_password/models/password_disallows_frequent_changes.rb

@@ -24,7 +24,7 @@ module Devise
           errors.add(:base, error_string)
         end
 
-        errors.count.zero?
+        errors.none?
       end
 
       def password_recent?
@@ -37,15 +37,15 @@ module Devise
       def before_resource_initialized
         return if self.class.respond_to?(:password_previously_used_count)
 
-        raise ConfigurationError, <<-ERROR.strip_heredoc
+        raise ConfigurationError, <<~ERROR
 
-        The password_disallows_frequent_changes module depends on the
-        password_disallows_frequent_reuse module. Verify that you have
-        added both modules to your model, for example:
+          The password_disallows_frequent_changes module depends on the
+          password_disallows_frequent_reuse module. Verify that you have
+          added both modules to your model, for example:
 
-          devise :database_authenticatable, :registerable,
-            :password_disallows_frequent_reuse,
-            :password_disallows_frequent_changes
+            devise :database_authenticatable, :registerable,
+              :password_disallows_frequent_reuse,
+              :password_disallows_frequent_changes
         ERROR
       end
 

data/lib/devise/secure_password/models/password_disallows_frequent_reuse.rb

@@ -27,7 +27,7 @@ module Devise
           errors.add(:base, error_string)
         end
 
-        errors.count.zero?
+        errors.none?
       end
 
       protected
@@ -41,7 +41,7 @@ module Devise
       end
 
       def previous_password?(password)
-        salts = previous_passwords.select(:salt).map(&:salt)
+        salts = previous_passwords.pluck(:salt)
         pepper = self.class.pepper.presence || ''
 
         salts.each do |salt|

data/lib/devise/secure_password/models/password_has_required_content.rb

@@ -17,7 +17,7 @@ module Devise
         self.password ||= ''
         errors.delete(:password)
         validate_password_content_for(:password)
-        errors[:password].count.zero?
+        errors[:password].none?
       end
 
       def validate_password_confirmation_content
@@ -25,7 +25,7 @@ module Devise
 
         errors.delete(:password_confirmation)
         validate_password_content_for(:password_confirmation)
-        errors[:password_confirmation].count.zero?
+        errors[:password_confirmation].none?
       end
 
       def validate_password_confirmation
@@ -35,7 +35,7 @@ module Devise
           human_attribute_name = self.class.human_attribute_name(:password)
           errors.add(:password_confirmation, :confirmation, attribute: human_attribute_name)
         end
-        errors[:password_confirmation].count.zero?
+        errors[:password_confirmation].none?
       end
 
       def validate_password_content_for(attr)

data/lib/devise/secure_password/models/password_requires_regular_updates.rb

@@ -20,15 +20,15 @@ module Devise
       def before_regular_update_initialized
         return if self.class.respond_to?(:password_previously_used_count)
 
-        raise ConfigurationError, <<-ERROR.strip_heredoc
+        raise ConfigurationError, <<~ERROR
 
-        The password_requires_regular_updates module depends on the
-        password_disallows_frequent_reuse module. Verify that you have
-        added both modules to your model, for example:
+          The password_requires_regular_updates module depends on the
+          password_disallows_frequent_reuse module. Verify that you have
+          added both modules to your model, for example:
 
-          devise :database_authenticatable, :registerable,
-            :password_disallows_frequent_reuse,
-            :password_requires_regular_updates
+            devise :database_authenticatable, :registerable,
+              :password_disallows_frequent_reuse,
+              :password_requires_regular_updates
         ERROR
       end
 

data/lib/devise/secure_password/models/previous_password.rb

@@ -3,7 +3,7 @@ module Devise
     class PreviousPassword < ::ActiveRecord::Base
       self.table_name = 'previous_passwords'
       belongs_to :user
-      default_scope -> { order(id: :desc) }
+      default_scope -> { order(created_at: :desc) }
       validates :user_id, presence: true
       validates :salt, presence: true
       validates :encrypted_password, presence: true

data/lib/devise/secure_password/version.rb

@@ -1,5 +1,5 @@
 module Devise
   module SecurePassword
-    VERSION = '2.0.1'.freeze
+    VERSION = '2.2.0'.freeze
   end
 end

data/lib/generators/devise/templates/secure_password.rb

@@ -18,7 +18,7 @@ Devise.setup do |config|
   # The number of numbers (0-9) required in a password:
   # config.password_required_number_count = 1
 
-  # The number of special characters (!@#$%^&*()_+-=[]{}|') required in a password:
+  # The number of special characters ( !@#$%^&*()_+-=[]{}|'"/\.,`<>:;?~) required in a password:
   # config.password_required_special_character_count = 1
 
   # ==> Configuration for the Devise Secure Password extension

data/lib/support/string/character_counter.rb

@@ -11,7 +11,7 @@ module Support
           uppercase: characters_to_dictionary(('A'..'Z').to_a),
           lowercase: characters_to_dictionary(('a'..'z').to_a),
           number: characters_to_dictionary(('0'..'9').to_a),
-          special: characters_to_dictionary(%w(! @ # $ % ^ & * ( ) _ + - = [ ] { } | ')),
+          special: characters_to_dictionary([' ', '!', '@', '#', '$', '%', '^', '&', '*', '(', ')', '_', '+', '-', '=', '[', ']', '{', '}', '|', '"', '/', '\\', '.', ',', '`', '<', '>', ':', ';', '?', '~', "'"]),
           unknown: {}
         }
       end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: devise-secure_password
 version: !ruby/object:Gem::Version
-  version: 2.0.1
+  version: 2.2.0
 platform: ruby
 authors:
 - Mark Eissler
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-05-04 00:00:00.000000000 Z
+date: 2025-08-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: devise
@@ -39,7 +39,7 @@ dependencies:
         version: 5.0.0
     - - "<"
       - !ruby/object:Gem::Version
-        version: 7.0.0
+        version: 9.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -49,7 +49,7 @@ dependencies:
         version: 5.0.0
     - - "<"
       - !ruby/object:Gem::Version
-        version: 7.0.0
+        version: 9.0.0
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -154,14 +154,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 5.2.0
+        version: '7.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 5.2.0
+        version: '7.0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -322,14 +322,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.3.13
+        version: 1.7.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.3.13
+        version: 1.7.0
 description: Adds configurable password policy enforcement to devise.
 email:
 - mark.eissler@valimail.com
@@ -353,10 +353,8 @@ files:
 - "./config/locales/en.yml"
 - "./devise-secure_password.gemspec"
 - "./docker-entrypoint.sh"
-- "./gemfiles/rails_6_0.gemfile"
-- "./gemfiles/rails_6_0.gemfile.lock"
-- "./gemfiles/rails_6_1.gemfile"
-- "./gemfiles/rails_6_1.gemfile.lock"
+- "./gemfiles/rails_7_0.gemfile"
+- "./gemfiles/rails_8_0.gemfile"
 - "./lib/devise/secure_password.rb"
 - "./lib/devise/secure_password/controllers/devise_helpers.rb"
 - "./lib/devise/secure_password/controllers/helpers.rb"
@@ -372,12 +370,13 @@ files:
 - "./lib/generators/devise/templates/README.txt"
 - "./lib/generators/devise/templates/secure_password.rb"
 - "./lib/support/string/character_counter.rb"
-- "./pkg/devise-secure_password-2.0.0.gem"
 - "./pkg/devise-secure_password-2.0.1.gem"
+- "./pkg/devise-secure_password-2.1.0.gem"
 homepage: https://github.com/valimail/devise-secure_password
 licenses:
 - MIT
-metadata: {}
+metadata:
+  rubygems_mfa_required: 'true'
 post_install_message:
 rdoc_options: []
 require_paths:
@@ -386,14 +385,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.7'
+      version: '3.2'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.16
+rubygems_version: 3.5.11
 signing_key:
 specification_version: 4
 summary: A devise password policy enforcement extension.

data/gemfiles/rails_6_0.gemfile

@@ -1,57 +0,0 @@
-source 'https://rubygems.org'
-git_source(:github) { |repo| "https://github.com/#{repo}.git" }
-
-ENV['RAILS_TARGET'] ||= '6.0'
-
-gemspec path: '../'
-
-# Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
-gem 'rails', '~> 6.0.3', '>= 6.0.3.6'
-# Use sqlite3 as the database for Active Record
-gem 'sqlite3', '~> 1.4'
-# Use Puma as the app server
-gem 'puma', '~> 4.1'
-# Use SCSS for stylesheets
-gem 'sass-rails', '>= 6'
-# Transpile app-like JavaScript. Read more: https://github.com/rails/webpacker
-gem 'webpacker', '~> 4.0'
-# Turbolinks makes navigating your web application faster. Read more: https://github.com/turbolinks/turbolinks
-gem 'turbolinks', '~> 5'
-# Build JSON APIs with ease. Read more: https://github.com/rails/jbuilder
-gem 'jbuilder', '~> 2.7'
-# Use Redis adapter to run Action Cable in production
-# gem 'redis', '~> 4.0'
-# Use Active Model has_secure_password
-# gem 'bcrypt', '~> 3.1.7'
-
-# Use Active Storage variant
-# gem 'image_processing', '~> 1.2'
-
-# Reduces boot times through caching; required in config/boot.rb
-gem 'bootsnap', '>= 1.4.2', require: false
-
-group :development, :test do
-  # Call 'byebug' anywhere in the code to stop execution and get a debugger console
-  gem 'byebug', platforms: %i(mri mingw x64_mingw)
-end
-
-group :development do
-  # Access an interactive console on exception pages or by calling 'console' anywhere in the code.
-  gem 'listen', '~> 3.2'
-  gem 'web-console', '>= 3.3.0'
-end
-
-group :test do
-  # Adds support for Capybara system testing and selenium driver
-  gem 'capybara', '>= 2.15'
-  gem 'codecov', require: false
-  gem 'selenium-webdriver'
-  gem 'shoulda-matchers'
-  # Easy installation and use of web drivers to run system tests with browsers
-  gem 'webdrivers'
-end
-
-# Windows does not include zoneinfo files, so bundle the tzinfo-data gem
-gem 'tzinfo-data', platforms: %i(mingw mswin x64_mingw jruby)
-
-gem 'webrick', '~> 1.7'