devise-secure_password 2.1.0 → 2.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a2e80099b8c322cd261f7a0fbd90084067f7dddfdd54f3dae8fcddb5332f8699
-  data.tar.gz: d2d48b58dc422ff894eec4d13628059fb41dcbbd80adc7e7a3a5062c7bb78ae3
+  metadata.gz: 6b497afcb9228f9d31d65d09e83e1b59f0ad3a0babb2d52fb12daf44d9ea0691
+  data.tar.gz: f404ea921f3638b33a9f5df2ec0970d8b8729922dce7038997bca8308a1e9a46
 SHA512:
-  metadata.gz: c4bd7731fedbef2c0fcc378e7b99a1f062b219158d111474d9610b66ae65f57810f4919fe2041b9834afde0aa80b81ffeff449d83c29d4790c1dbcc686e659f3
-  data.tar.gz: ba5e45d193293c1e3e76899fea8b1689772bf8cfd19f54f5a61659f1a4e2868df7cca5e297de504dc73809bb99000b6217fcfe60c477281c77aa22621fba06d1
+  metadata.gz: 688fc04a757c27c38a4ad6c2ac720e207eef54fc8fc07e1ca9671010a074174fe2b93f578d8fbd00d7658c798d2506fdacb84e52b8b0a77b6697951aee1c55b9
+  data.tar.gz: 496f831d18bca6195c7bb76870f8495bc9f6441a3dae2ca0947e71a3394ca25569c31cc9b558f39fdf3352c41944451185e2997e54c1d8f7829425d0a53ea5e3

data/Changelog.md

@@ -1,5 +1,9 @@
 # Changelog: devise-secure_password
 
+## 2.2.0 / 2025-08-19
+* Adds support to Rails 8.0 and ruby 3.4
+* Drop support Rails 6.1 and ruby 3.1
+
 ## 2.1.0 / 2024-06-02
 
 * Various CircleCI updates.

data/README.md

@@ -26,28 +26,28 @@ The goal of this project is to provide compatibility for officially supported st
 and [Ruby on Rails](http://guides.rubyonrails.org/maintenance_policy.html). More specifically, the following releases
 are currently supported by the __Devise Secure Password Extension__:
 
-- Ruby on Rails: __6.1.x__, __7.0.x__
-- Ruby: __3.1.x__, __3.2.x__, __3.3.x__
+- Ruby on Rails: __7.0.x__, __8.0.x__
+- Ruby: __3.2.x__, __3.3.x__, __3.4.x__
 
 ### Updating to a New Rails Version
 
 This gem uses so-called "dummy" apps in the specs to verify compatibility with a major/minor version of Rails.  Adding a new major/minor version of Rails requires us to add a new "dummy" app in the spec folder, and a corresponding Gemfile in the gemfiles directory.  While manual, this process is relatively straightforward:
 
-1. Create a new Rails app in the directory `spec/rails_<major>_<minor>` by using the Rails generator for that version, ensuring you skip Git setup.  (e.g. `cd spec; rails _6.0.3.6_ new rails-app-6_0 --skip-git`)
-2. Move the Gemfile from the newly created app to the `gemfiles` directory and rename it with the major/minor version (e.g. `mv spec/rails_6_1/Gemfile gemfiles/rails_6_1.gemfile`)
+1. Create a new Rails app in the directory `spec/rails_<major>_<minor>` by using the Rails generator for that version, ensuring you skip Git setup.  (e.g. `cd spec; rails _7.2.2.2_ new rails-app-7_0 --skip-git`)
+2. Move the Gemfile from the newly created app to the `gemfiles` directory and rename it with the major/minor version (e.g. `mv spec/rails_7_0/Gemfile gemfiles/rails_7_0.gemfile`)
 3. Update the Gemfile to include the Rails target and gemspec immediately beneath the source declarations, like this:
 
 ```ruby
 source 'https://rubygems.org'
 git_source(:github) { |repo| "https://github.com/#{repo}.git" }
 
-ENV['RAILS_TARGET'] ||= '6.1'
+ENV['RAILS_TARGET'] ||= '7.0'
 
 gemspec path: '../'
 ```
 
 4. Add `gem 'shoulda-matchers'` under the test group in the new Gemfile
-5. Ensure you can bundle by running `bundle` with the `BUNDLE_GEMFILE` variable set to the new Gemfile (i.e. `BUNDLE_GEMFILE=gemfiles/rails_6_1.gemfile bundle`).  This should run successfully - fix as needed.
+5. Ensure you can bundle by running `bundle` with the `BUNDLE_GEMFILE` variable set to the new Gemfile (i.e. `BUNDLE_GEMFILE=gemfiles/rails_7_0.gemfile bundle`).  This should run successfully - fix as needed.
 6. Copy the file `config/initializers/devise.rb` from an existing "dummy" app to the same location in the new app.
 7. Copy the file `config/routes.rb` from an existing "dummy" app to the same location in the new app.
 8. Copy the contents of the `db/migrate` directory from an existing "dummy" app to the same location in the new app.  Copy the `db/schema.rb` and `db/test.sqlite3` as well
@@ -56,7 +56,7 @@ gemspec path: '../'
 11. Copy the `app/views/static_pages` directory from an existing "dummy" app to the same location in the new app.
 12. Update the `app/views/layouts/application.html.erb` in the new app to have the same `<body>` content and `<title>` as the same file in an existing "dummy" app.
 13. At this point you should be able to run specs.  (i.e. `BUNDLE_GEMFILE=gemfiles/rails_6_1.gemfile bundle exec rake`).  Run specs and fix version specific issues, taking care to maintain backwards compatibility with supported versions.
-14. You should also run Rubocop (i.e. `BUNDLE_GEMFILE=gemfiles/rails_6_1.gemfile bundle exec rubocop`) and fix whatever issues are reported (again, maintaining backwards compatibility)
+14. You should also run Rubocop (i.e. `BUNDLE_GEMFILE=gemfiles/rails_7_0.gemfile bundle exec rubocop`) and fix whatever issues are reported (again, maintaining backwards compatibility)
 15. In the `.circleci/config.yml` file update the `current_rails_gemfile` and `previous_rails_gemfile` to reference the new version and the previous version of Rails to be supported
 16. Delete any files for old Rails versions that are no longer supported - "dummy" apps and the corresponding `gemfiles` Gemfile.
 17. Update the Circle CI badge label in this README to reflect the newly supported Rails version.
@@ -183,7 +183,7 @@ Edit the resulting file to disallow null values for the hash,add indexes for bot
 add the timestamp (created_at, updated_at) fields:
 
 ```ruby
-class CreatePreviousPasswords < ActiveRecord::Migration[5.1]
+class CreatePreviousPasswords < ActiveRecord::Migration[7.0]
   def change
     create_table :previous_passwords do |t|
       t.string :salt, null: false
@@ -255,7 +255,7 @@ To determine the Ruby on Rails versions supported by this release, run the follo
 prompt> gem install flay ruby2ruby rubocop rspec
 prompt> rake test:spec:targets
 
-Available Rails targets: 7.0, 6.1
+Available Rails targets: 7.0, 8.0
 ```
 
 Reconfigure the project by specifying the correct Gemfile when running bundler, followed by running tests:

data/app/controllers/devise/passwords_with_policy_controller.rb

@@ -63,7 +63,7 @@ module Devise
 
       # do what devise would do under normal circumstances but also be aware of
       # secure_password or other validators that would be ignored by devise.
-      result = if resource.errors.count.zero?
+      result = if resource.errors.none?
                  resource.update(params)
                else
                  false

data/devise-secure_password.gemspec

@@ -32,8 +32,8 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^bin/}).map { |f| File.basename(f) }
   spec.require_paths = ['lib']
 
-  spec.add_runtime_dependency 'devise', '>= 4.0.0', '< 5.0.0'
-  spec.add_runtime_dependency 'railties', '>= 5.0.0', '< 8.0.0'
+  spec.add_dependency 'devise', '>= 4.0.0', '< 5.0.0'
+  spec.add_dependency 'railties', '>= 5.0.0', '< 9.0.0'
 
   spec.add_development_dependency 'bundler',                 '>= 2.2.14'
   spec.add_development_dependency 'capybara',                '>= 3.35.3'
@@ -42,7 +42,7 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'devise',                  '~> 4.0'
   spec.add_development_dependency 'flay',                    '>= 2.10.0'
   spec.add_development_dependency 'launchy',                 '>= 2.4.3'
-  spec.add_development_dependency 'rails',                   '>= 6.1.0'
+  spec.add_development_dependency 'rails',                   '>= 7.0'
   spec.add_development_dependency 'rake',                    '>= 12.3'
   spec.add_development_dependency 'rspec',                   '>= 3.7'
   spec.add_development_dependency 'rspec_junit_formatter',   '>= 0.3'
@@ -56,5 +56,5 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'simplecov-console',       '>= 0.4.2'
   spec.add_development_dependency 'sqlite3',                 '>= 1.7.0'
 
-  spec.required_ruby_version = '>= 2.7'
+  spec.required_ruby_version = '>= 3.2'
 end

data/gemfiles/rails_7_0.gemfile

@@ -15,7 +15,7 @@ gem 'sprockets-rails'
 gem 'sqlite3', '~> 1.4'
 
 # Use the Puma web server [https://github.com/puma/puma]
-gem 'puma', '>= 5.0'
+gem 'puma', '~> 6.0'
 
 # Use JavaScript with ESM import maps [https://github.com/rails/importmap-rails]
 gem 'importmap-rails'
@@ -63,4 +63,5 @@ group :test do
   gem 'shoulda-matchers'
   # Easy installation and use of web drivers to run system tests with browsers
   gem 'webdrivers'
+  gem 'webrick'
 end

data/gemfiles/rails_8_0.gemfile

@@ -0,0 +1,71 @@
+source 'https://rubygems.org'
+git_source(:github) { |repo| "https://github.com/#{repo}.git" }
+
+ENV['RAILS_TARGET'] ||= '8.0'
+
+gemspec path: '../'
+
+# Bundle edge Rails instead: gem "rails", github: "rails/rails", branch: "main"
+gem 'rails', '~> 8.0.2', '>= 8.0.2.1'
+# The modern asset pipeline for Rails [https://github.com/rails/propshaft]
+gem 'propshaft'
+# Use sqlite3 as the database for Active Record
+gem 'sqlite3', '>= 2.1'
+# Use the Puma web server [https://github.com/puma/puma]
+gem 'puma', '~> 6.0'
+# Use JavaScript with ESM import maps [https://github.com/rails/importmap-rails]
+gem 'importmap-rails'
+# Hotwire's SPA-like page accelerator [https://turbo.hotwired.dev]
+gem 'turbo-rails'
+# Hotwire's modest JavaScript framework [https://stimulus.hotwired.dev]
+gem 'stimulus-rails'
+# Build JSON APIs with ease [https://github.com/rails/jbuilder]
+gem 'jbuilder'
+
+# Use Active Model has_secure_password [https://guides.rubyonrails.org/active_model_basics.html#securepassword]
+# gem "bcrypt", "~> 3.1.7"
+
+# Windows does not include zoneinfo files, so bundle the tzinfo-data gem
+gem 'tzinfo-data', platforms: %i(windows jruby)
+
+# Use the database-backed adapters for Rails.cache, Active Job, and Action Cable
+gem 'solid_cable'
+gem 'solid_cache'
+gem 'solid_queue'
+
+# Reduces boot times through caching; required in config/boot.rb
+gem 'bootsnap', require: false
+
+# Deploy this application anywhere as a Docker container [https://kamal-deploy.org]
+gem 'kamal', require: false
+
+# Add HTTP asset caching/compression and X-Sendfile acceleration to Puma [https://github.com/basecamp/thruster/]
+gem 'thruster', require: false
+
+# Use Active Storage variants [https://guides.rubyonrails.org/active_storage_overview.html#transforming-images]
+# gem "image_processing", "~> 1.2"
+
+group :development, :test do
+  # See https://guides.rubyonrails.org/debugging_rails_applications.html#debugging-with-the-debug-gem
+  gem 'debug', platforms: %i(mri windows), require: 'debug/prelude'
+
+  # Static analysis for security vulnerabilities [https://brakemanscanner.org/]
+  gem 'brakeman', require: false
+
+  # Omakase Ruby styling [https://github.com/rails/rubocop-rails-omakase/]
+  gem 'rubocop-rails-omakase', require: false
+end
+
+group :development do
+  # Use console on exceptions pages [https://github.com/rails/web-console]
+  gem 'web-console'
+end
+
+group :test do
+  # Use system testing [https://guides.rubyonrails.org/testing.html#system-testing]
+  gem 'capybara'
+  gem 'codecov', require: false
+  gem 'selenium-webdriver'
+  gem 'shoulda-matchers'
+  gem 'webrick'
+end

data/lib/devise/secure_password/models/password_disallows_frequent_changes.rb

@@ -24,7 +24,7 @@ module Devise
           errors.add(:base, error_string)
         end
 
-        errors.count.zero?
+        errors.none?
       end
 
       def password_recent?

data/lib/devise/secure_password/models/password_disallows_frequent_reuse.rb

@@ -27,7 +27,7 @@ module Devise
           errors.add(:base, error_string)
         end
 
-        errors.count.zero?
+        errors.none?
       end
 
       protected

data/lib/devise/secure_password/models/password_has_required_content.rb

@@ -17,7 +17,7 @@ module Devise
         self.password ||= ''
         errors.delete(:password)
         validate_password_content_for(:password)
-        errors[:password].count.zero?
+        errors[:password].none?
       end
 
       def validate_password_confirmation_content
@@ -25,7 +25,7 @@ module Devise
 
         errors.delete(:password_confirmation)
         validate_password_content_for(:password_confirmation)
-        errors[:password_confirmation].count.zero?
+        errors[:password_confirmation].none?
       end
 
       def validate_password_confirmation
@@ -35,7 +35,7 @@ module Devise
           human_attribute_name = self.class.human_attribute_name(:password)
           errors.add(:password_confirmation, :confirmation, attribute: human_attribute_name)
         end
-        errors[:password_confirmation].count.zero?
+        errors[:password_confirmation].none?
       end
 
       def validate_password_content_for(attr)

data/lib/devise/secure_password/models/previous_password.rb

@@ -3,7 +3,7 @@ module Devise
     class PreviousPassword < ::ActiveRecord::Base
       self.table_name = 'previous_passwords'
       belongs_to :user
-      default_scope -> { order(id: :desc) }
+      default_scope -> { order(created_at: :desc) }
       validates :user_id, presence: true
       validates :salt, presence: true
       validates :encrypted_password, presence: true

data/lib/devise/secure_password/version.rb

@@ -1,5 +1,5 @@
 module Devise
   module SecurePassword
-    VERSION = '2.1.0'.freeze
+    VERSION = '2.2.0'.freeze
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: devise-secure_password
 version: !ruby/object:Gem::Version
-  version: 2.1.0
+  version: 2.2.0
 platform: ruby
 authors:
 - Mark Eissler
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-06-12 00:00:00.000000000 Z
+date: 2025-08-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: devise
@@ -39,7 +39,7 @@ dependencies:
         version: 5.0.0
     - - "<"
       - !ruby/object:Gem::Version
-        version: 8.0.0
+        version: 9.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -49,7 +49,7 @@ dependencies:
         version: 5.0.0
     - - "<"
       - !ruby/object:Gem::Version
-        version: 8.0.0
+        version: 9.0.0
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -154,14 +154,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 6.1.0
+        version: '7.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 6.1.0
+        version: '7.0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -353,8 +353,8 @@ files:
 - "./config/locales/en.yml"
 - "./devise-secure_password.gemspec"
 - "./docker-entrypoint.sh"
-- "./gemfiles/rails_6_1.gemfile"
 - "./gemfiles/rails_7_0.gemfile"
+- "./gemfiles/rails_8_0.gemfile"
 - "./lib/devise/secure_password.rb"
 - "./lib/devise/secure_password/controllers/devise_helpers.rb"
 - "./lib/devise/secure_password/controllers/helpers.rb"
@@ -385,14 +385,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.7'
+      version: '3.2'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.9
+rubygems_version: 3.5.11
 signing_key:
 specification_version: 4
 summary: A devise password policy enforcement extension.

data/gemfiles/rails_6_1.gemfile

@@ -1,57 +0,0 @@
-source 'https://rubygems.org'
-git_source(:github) { |repo| "https://github.com/#{repo}.git" }
-
-ENV['RAILS_TARGET'] ||= '6.1'
-
-gemspec path: '../'
-
-# Bundle edge Rails instead: gem 'rails', github: 'rails/rails', branch: 'main'
-gem 'rails', '~> 6.1.3', '>= 6.1.3.1'
-# Use sqlite3 as the database for Active Record
-gem 'sqlite3', '~> 1.7.0'
-# Use Puma as the app server
-gem 'puma', '~> 5.0'
-# Use SCSS for stylesheets
-gem 'sass-rails', '>= 6'
-# Transpile app-like JavaScript. Read more: https://github.com/rails/webpacker
-gem 'webpacker', '~> 5.0'
-# Turbolinks makes navigating your web application faster. Read more: https://github.com/turbolinks/turbolinks
-gem 'turbolinks', '~> 5'
-# Build JSON APIs with ease. Read more: https://github.com/rails/jbuilder
-gem 'jbuilder', '~> 2.7'
-# Use Redis adapter to run Action Cable in production
-# gem 'redis', '~> 4.0'
-# Use Active Model has_secure_password
-# gem 'bcrypt', '~> 3.1.7'
-
-# Use Active Storage variant
-# gem 'image_processing', '~> 1.2'
-
-# Reduces boot times through caching; required in config/boot.rb
-gem 'bootsnap', '>= 1.4.4', require: false
-
-group :development, :test do
-  # Call 'byebug' anywhere in the code to stop execution and get a debugger console
-  gem 'byebug', platforms: %i(mri mingw x64_mingw)
-end
-
-group :development do
-  # Access an interactive console on exception pages or by calling 'console' anywhere in the code.
-  gem 'listen', '~> 3.3'
-  gem 'web-console', '>= 4.1.0'
-end
-
-group :test do
-  # Adds support for Capybara system testing and selenium driver
-  gem 'capybara', '>= 3.26'
-  gem 'codecov', require: false
-  gem 'selenium-webdriver'
-  gem 'shoulda-matchers'
-  # Easy installation and use of web drivers to run system tests with browsers
-  gem 'webdrivers'
-end
-
-# Windows does not include zoneinfo files, so bundle the tzinfo-data gem
-gem 'tzinfo-data', platforms: %i(mingw mswin x64_mingw jruby)
-
-gem 'webrick', '~> 1.7'