devise-secure_password 2.2.0 → 2.2.1

data/README.md

@@ -1,99 +1,70 @@
-# Devise Secure Password Extension
+![Devise Security Password Logo](https://raw.github.com/ValiMail/devise-secure_password/main/devise_security_password.png)
 
 [![License](http://img.shields.io/badge/license-MIT-yellowgreen.svg)](#license)
+[![CircleCI](https://dl.circleci.com/status-badge/img/gh/ValiMail/devise-secure_password/tree/main.svg?style=svg)](https://dl.circleci.com/status-badge/redirect/gh/ValiMail/devise-secure_password/tree/main)
 
 The __Devise Secure Password Extension__ is a user account password policy enforcement gem that can be
-added to a Rails project to enforce password policies. The gem is implemented as an extension to the Rails
+added to a Rails project to enforce password policies.
+
+The gem is implemented as an extension to the Rails
 [devise](https://github.com/plataformatec/devise) authentication solution gem and requires that __devise__ is installed
 as well.
 
 ## Overview
 
-The __Devise Secure Password Extension__ is composed of the following modules:
+It's composed of the following modules:
 
-- __password_has_required_content__: require that passwords consist of a specific number (configurable) of letters,
+* __password_has_required_content__: require that passwords consist of a specific number (configurable) of letters,
   numbers, and special characters (symbols)
-- __password_disallows_frequent_reuse__: prevent the reuse of a number (configurable) of previous passwords when a user
+* __password_disallows_frequent_reuse__: prevent the reuse of a number (configurable) of previous passwords when a user
   changes their password
-- __password_disallows_frequent_changes__: prevent the user from changing their password more than once within a time
+* __password_disallows_frequent_changes__: prevent the user from changing their password more than once within a time
   duration (configurable)
-- __password_requires_regular_updates__: require that a user change their password following a time duration
+* __password_requires_regular_updates__: require that a user change their password following a time duration
   (configurable)
 
 ## Compatibility
 
-The goal of this project is to provide compatibility for officially supported stable releases of [Ruby](https://www.ruby-lang.org/en/downloads/)
-and [Ruby on Rails](http://guides.rubyonrails.org/maintenance_policy.html). More specifically, the following releases
-are currently supported by the __Devise Secure Password Extension__:
-
-- Ruby on Rails: __7.0.x__, __8.0.x__
-- Ruby: __3.2.x__, __3.3.x__, __3.4.x__
-
-### Updating to a New Rails Version
-
-This gem uses so-called "dummy" apps in the specs to verify compatibility with a major/minor version of Rails.  Adding a new major/minor version of Rails requires us to add a new "dummy" app in the spec folder, and a corresponding Gemfile in the gemfiles directory.  While manual, this process is relatively straightforward:
-
-1. Create a new Rails app in the directory `spec/rails_<major>_<minor>` by using the Rails generator for that version, ensuring you skip Git setup.  (e.g. `cd spec; rails _7.2.2.2_ new rails-app-7_0 --skip-git`)
-2. Move the Gemfile from the newly created app to the `gemfiles` directory and rename it with the major/minor version (e.g. `mv spec/rails_7_0/Gemfile gemfiles/rails_7_0.gemfile`)
-3. Update the Gemfile to include the Rails target and gemspec immediately beneath the source declarations, like this:
-
-```ruby
-source 'https://rubygems.org'
-git_source(:github) { |repo| "https://github.com/#{repo}.git" }
-
-ENV['RAILS_TARGET'] ||= '7.0'
-
-gemspec path: '../'
-```
+We provide compatibility for officially and recent stable releases of [Ruby](https://www.ruby-lang.org/en/downloads/)
+and [Ruby on Rails](http://guides.rubyonrails.org/maintenance_policy.html).
 
-4. Add `gem 'shoulda-matchers'` under the test group in the new Gemfile
-5. Ensure you can bundle by running `bundle` with the `BUNDLE_GEMFILE` variable set to the new Gemfile (i.e. `BUNDLE_GEMFILE=gemfiles/rails_7_0.gemfile bundle`).  This should run successfully - fix as needed.
-6. Copy the file `config/initializers/devise.rb` from an existing "dummy" app to the same location in the new app.
-7. Copy the file `config/routes.rb` from an existing "dummy" app to the same location in the new app.
-8. Copy the contents of the `db/migrate` directory from an existing "dummy" app to the same location in the new app.  Copy the `db/schema.rb` and `db/test.sqlite3` as well
-9. Copy the `app/controllers/static_pages_controller.rb` from an existing "dummy" app to the same location in the new app.
-10. Copy the `app/models/isolated` directory and the `app/models/user.rb` file from an existing "dummy" app to the same location in the new app.
-11. Copy the `app/views/static_pages` directory from an existing "dummy" app to the same location in the new app.
-12. Update the `app/views/layouts/application.html.erb` in the new app to have the same `<body>` content and `<title>` as the same file in an existing "dummy" app.
-13. At this point you should be able to run specs.  (i.e. `BUNDLE_GEMFILE=gemfiles/rails_6_1.gemfile bundle exec rake`).  Run specs and fix version specific issues, taking care to maintain backwards compatibility with supported versions.
-14. You should also run Rubocop (i.e. `BUNDLE_GEMFILE=gemfiles/rails_7_0.gemfile bundle exec rubocop`) and fix whatever issues are reported (again, maintaining backwards compatibility)
-15. In the `.circleci/config.yml` file update the `current_rails_gemfile` and `previous_rails_gemfile` to reference the new version and the previous version of Rails to be supported
-16. Delete any files for old Rails versions that are no longer supported - "dummy" apps and the corresponding `gemfiles` Gemfile.
-17. Update the Circle CI badge label in this README to reflect the newly supported Rails version.
+Following releases are currently supported:
 
+- Ruby on Rails: __8.0.x__, __7.0.x__
+- Ruby: __3.4.x__, __3.3.x__, __3.2.x__ (minimal ruby version required)
 
 ## Installation
 
 Add this line to your application's Gemfile:
 
 ```ruby
-gem 'devise',                 '~> 4.8'
-gem 'devise-secure_password', '~> 2.0'
+gem 'devise',                 '~> 4.9'
+gem 'devise-secure_password', '~> 2.2'
 ```
 
 And then execute:
 
-```shell
-prompt> bundle
+```bash
+bundle install
 ```
 
 Or install it yourself as:
 
-```shell
-prompt> gem install devise-secure_password
+```bash
+gem install devise-secure_password
 ```
 
 Finally, run the generator:
 
-```shell
-prompt> rails generate devise:secure_password:install
+```bash
+rails generate devise:secure_password:install
 ```
 
 ## Usage
 
 ### Configuration
 
-The __Devise Secure Password Extension__ exposes configuration parameters as outlined below. Commented out configuration
+The extension exposes configuration parameters as outlined below. Commented out configuration
 parameters reflect the default settings.
 
 ```ruby
@@ -175,15 +146,15 @@ previous passwords memorization implemented by the `:password_disallows_frequent
 
 The following database migration needs to be applied:
 
-```shell
-prompt> rails generate migration create_previous_passwords salt:string encrypted_password:string user:references
+```bash
+rails generate migration create_previous_passwords salt:string encrypted_password:string user:references
 ```
 
-Edit the resulting file to disallow null values for the hash,add indexes for both hash and user_id fields, and to also
+Edit the resulting file to disallow null values for the hash, add indexes for both hash and user_id fields, and to also
 add the timestamp (created_at, updated_at) fields:
 
 ```ruby
-class CreatePreviousPasswords < ActiveRecord::Migration[7.0]
+class CreatePreviousPasswords < ActiveRecord::Migration[8.0]
   def change
     create_table :previous_passwords do |t|
       t.string :salt, null: false
@@ -202,8 +173,8 @@ end
 
 And then:
 
-```shell
-prompt> bundle exec rake db:migrate
+```bash
+bundle exec rake db:migrate
 ```
 
 ### Displaying errors
@@ -231,6 +202,28 @@ and is taken from the default password `edit.html.erb` page:
 <% end %>
 ```
 
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/valimail/devise-secure_password. This project
+is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the
+[Contributor Covenant](http://contributor-covenant.org) code of conduct.
+
+### Basic guidelines for contributors
+
+1. Fork it
+
+2. Create your feature branch (`git checkout -b my-new-feature`)
+
+3. Commit your changes (`git commit -am 'Add some feature'`)
+
+4. Push to the branch (`git push origin my-new-feature`)
+
+5. Create new Pull Request
+
+>NOTE: Contributions should always be based on the `main` branch. You may be asked to [rebase](https://git-scm.com/docs/git-rebase)
+your contributions on the tip of the `main` branch, this is normal and is to be expected if the `main` branch has
+moved ahead since your pull request was opened, discussed, and accepted.
+
 <a name="running-tests"></a>
 
 ## Running Tests
@@ -239,12 +232,11 @@ This document assumes that you already have a [functioning ruby install](https:/
 
 ### Default Rails target
 
-The __Devise Secure Password Extension__ provides compatibility for officially supported stable releases of Ruby on
-Rails. To configure and test the default target (the most-recent supported Rails release):
+To configure and test the default target (the most-recent supported Rails release):
 
 ```bash
-prompt> bundle
-prompt> bundle exec rake
+bundle
+bundle exec rake
 ```
 
 ### Selecting an alternate Rails target
@@ -252,17 +244,19 @@ prompt> bundle exec rake
 To determine the Ruby on Rails versions supported by this release, run the following commands:
 
 ```bash
-prompt> gem install flay ruby2ruby rubocop rspec
-prompt> rake test:spec:targets
+gem install flay ruby2ruby rubocop rspec
+rake test:spec:targets
 
-Available Rails targets: 7.0, 8.0
+Available Rails targets: 8.0, 7.0
 ```
 
+For additional Rails versions support, please follow this [guideline](https://github.com/valimail/devise-secure_password/blob/main/docs/upgrading_to_new_rails_version.md)
+
 Reconfigure the project by specifying the correct Gemfile when running bundler, followed by running tests:
 
 ```bash
-prompt> BUNDLE_GEMFILE=gemfiles/rails_7_0.gemfile bundle
-prompt> BUNDLE_GEMFILE=gemfiles/rails_7_0.gemfile bundle exec rake
+BUNDLE_GEMFILE=gemfiles/rails_7_0.gemfile bundle
+BUNDLE_GEMFILE=gemfiles/rails_7_0.gemfile bundle exec rake
 ```
 
 The only time you need to define the `BUNDLE_GEMFILE` environment variable is when testing a non-default target.
@@ -272,7 +266,7 @@ The only time you need to define the `BUNDLE_GEMFILE` environment variable is wh
 SimpleCov tests are enabled by defining the `test:spec:coverage` rake task:
 
 ```bash
-prompt> bundle exec rake test:spec:coverage
+bundle exec rake test:spec:coverage
 ```
 
 A brief summary will be output at the end of the run but a more extensive eport will be saved in the `coverage`
@@ -284,7 +278,7 @@ You will need to install the [ChromeDriver >= v2.3.4](https://sites.google.com/a
 for testing.
 
 ```bash
-prompt> brew install chromedriver
+brew install chromedriver
 ```
 
 You can always install [ChromeDriver](https://sites.google.com/a/chromium.org/chromedriver/) by downloading and then
@@ -310,9 +304,9 @@ To debug from inside of the dummy rails-app you will need to first install the r
 migration:
 
 ```bash
-prompt> cd spec/rails-app-X_y_z
-prompt> rake app:update:bin
-prompt> RAILS_ENV=development bundle exec rake db:migrate
+cd spec/rails-app-X_y_z
+rake app:update:bin
+RAILS_ENV=development bundle exec rake db:migrate
 ```
 
 Remember, the dummy app is not meant to be a full featured rails app: there is just enough functionality to test the
@@ -323,7 +317,7 @@ gem feature set.
 Available benchmarks can be run as follows:
 
 ```bash
-prompt> bundle exec rake test:benchmark
+bundle exec rake test:benchmark
 ```
 
 Benchmarks are run within an RSpec context but are not run along with other tests as benchmarks merely seek to measure
@@ -346,8 +340,8 @@ using [Docker](https://www.docker.com/).
 To start the container simply build and launch the image:
 
 ```bash
-prompt> docker build -t secure-password-dev .
-prompt> docker run -it --rm secure-password-dev /bin/bash
+docker build -t secure-password-dev .
+docker run -it --rm secure-password-dev /bin/bash
 ```
 
 The above `docker run` command will start the container, connect you to the command line within the project home
@@ -356,12 +350,12 @@ the shell, the container will be removed.
 
 ### Running tests in a Docker container
 
-The Docker container is derived from the latest [circleci/ruby](https://hub.docker.com/r/circleci/ruby/) image. It is
+The Docker container is derived from the latest [cimg/ruby](https://circleci.com/developer/images/image/cimg/ruby) image. It is
 critical that you update the bundler inside of the Docker image as the `circleci` user (i.e. the default user) before
 initiating any development work including tests.
 
 ```bash
-prompt> gem update bundler
+gem update bundler
 ```
 
 #### Updating test.sqlite3.db
@@ -369,34 +363,12 @@ prompt> gem update bundler
 To update or generate a `db/test/sqlite3.db` database file:
 
 ```bash
-prompt> cd spec/rails-app-X_y_z
-prompt> bundle install
-prompt> rake app:update:bin
-prompt> RAILS_ENV=test bundle exec rake db:migrate
+cd spec/rails-app-X_y_z
+bundle install
+rake app:update:bin
+RAILS_ENV=test bundle exec rake db:migrate
 ```
 
-## Contributing
-
-Bug reports and pull requests are welcome on GitHub at https://github.com/valimail/devise-secure_password. This project
-is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the
-[Contributor Covenant](http://contributor-covenant.org) code of conduct.
-
-### Basic guidelines for contributors
-
-1 Fork it
-
-2 Create your feature branch (`git checkout -b my-new-feature`)
-
-3 Commit your changes (`git commit -am 'Add some feature'`)
-
-4 Push to the branch (`git push origin my-new-feature`)
-
-5 Create new Pull Request
-
->NOTE: Contributions should always be based on the `master` branch. You may be asked to [rebase](https://git-scm.com/docs/git-rebase)
-your contributions on the tip of the `master` branch, this is normal and is to be expected if the `master` branch has
-moved ahead since your pull request was opened, discussed, and accepted.
-
 ## License
 
 The __Devise Secure Password Extension__ gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
@@ -404,4 +376,4 @@ The __Devise Secure Password Extension__ gem is available as open source under t
 ## Code of Conduct
 
 Everyone interacting in the __Devise Secure Password Extension__ project’s codebases and issue trackers is expected to
-follow the [code of conduct](https://github.com/valimail/devise-secure_password/blob/master/CODE_OF_CONDUCT.md).
+follow the [code of conduct](https://github.com/valimail/devise-secure_password/blob/main/CODE_OF_CONDUCT.md).

data/config/locales/en.yml

@@ -22,11 +22,11 @@ en:
     password_disallows_frequent_reuse:
       errors:
         messages:
-          password_is_recent: "Last %{count} passwords may not be reused"
+          password_is_recent: "must not be reused from the last %{count} passwords."
     password_disallows_frequent_changes:
       errors:
         messages:
-          password_is_recent: "Password cannot be changed more than once per %{timeframe}"
+          password_is_recent: "cannot be changed more than once per %{timeframe}"
     password_requires_regular_updates:
       alerts:
         messages:

data/devise-secure_password.gemspec

@@ -12,8 +12,8 @@ Gem::Specification.new do |spec|
   spec.version       = Devise::SecurePassword::VERSION.dup
   spec.platform      = Gem::Platform::RUBY
 
-  spec.authors       = ['Mark Eissler']
-  spec.email         = ['mark.eissler@valimail.com']
+  spec.authors       = ['Valimail Engineering']
+  spec.email         = ['engineering@valimail.com']
 
   spec.summary       = 'A devise password policy enforcement extension.'
   spec.description   = 'Adds configurable password policy enforcement to devise.'

data/docs/upgrading_to_new_rails_version.md

@@ -0,0 +1,46 @@
+### Upgrading to a New Rails Version
+
+This gem uses so-called "dummy" apps in the specs to verify compatibility with a major/minor version of Rails.  Adding a new major/minor version of Rails requires us to add a new "dummy" app in the spec folder, and a corresponding Gemfile in the gemfiles directory.  While manual, this process is relatively straightforward:
+
+1. Create a new Rails app in the directory `spec/rails_<major>_<minor>` by using the Rails generator for that version, ensuring you skip Git setup.  (e.g. `cd spec; rails _7.2.2.2_ new rails-app-7_0 --skip-git`)
+
+2. Move the Gemfile from the newly created app to the `gemfiles` directory and rename it with the major/minor version (e.g. `mv spec/rails_7_0/Gemfile gemfiles/rails_7_0.gemfile`)
+
+3. Update the Gemfile to include the Rails target and gemspec immediately beneath the source declarations, like this:
+
+```ruby
+source 'https://rubygems.org'
+git_source(:github) { |repo| "https://github.com/#{repo}.git" }
+
+ENV['RAILS_TARGET'] ||= '7.0'
+
+gemspec path: '../'
+```
+
+4. Add `gem 'shoulda-matchers'` under the test group in the new Gemfile
+
+5. Ensure you can bundle by running `bundle` with the `BUNDLE_GEMFILE` variable set to the new Gemfile (i.e. `BUNDLE_GEMFILE=gemfiles/rails_7_0.gemfile bundle`).  This should run successfully - fix as needed.
+
+6. Copy the file `config/initializers/devise.rb` from an existing "dummy" app to the same location in the new app.
+
+7. Copy the file `config/routes.rb` from an existing "dummy" app to the same location in the new app.
+
+8. Copy the contents of the `db/migrate` directory from an existing "dummy" app to the same location in the new app.  Copy the `db/schema.rb` and `db/test.sqlite3` as well
+
+9. Copy the `app/controllers/static_pages_controller.rb` from an existing "dummy" app to the same location in the new app.
+
+10. Copy the `app/models/isolated` directory and the `app/models/user.rb` file from an existing "dummy" app to the same location in the new app.
+
+11. Copy the `app/views/static_pages` directory from an existing "dummy" app to the same location in the new app.
+
+12. Update the `app/views/layouts/application.html.erb` in the new app to have the same `<body>` content and `<title>` as the same file in an existing "dummy" app.
+
+13. At this point you should be able to run specs.  (i.e. `BUNDLE_GEMFILE=gemfiles/rails_6_1.gemfile bundle exec rake`).  Run specs and fix version specific issues, taking care to maintain backwards compatibility with supported versions.
+
+14. You should also run Rubocop (i.e. `BUNDLE_GEMFILE=gemfiles/rails_7_0.gemfile bundle exec rubocop`) and fix whatever issues are reported (again, maintaining backwards compatibility)
+
+15. In the `.circleci/config.yml` file update the `current_rails_gemfile` and `previous_rails_gemfile` to reference the new version and the previous version of Rails to be supported
+
+16. Delete any files for old Rails versions that are no longer supported - "dummy" apps and the corresponding `gemfiles` Gemfile.
+
+17. Update the Circle CI badge label in this README to reflect the newly supported Rails version.