devise-secure_password 1.0.4 → 1.0.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 9ad50ca0c1965ad3174621755389c8e48b975e21
-  data.tar.gz: b37c27078075b47e6d5d8f9cb8aa4123acc5c864
+  metadata.gz: 1c68e938643943a1eb93719ef84ee969b350a12b
+  data.tar.gz: 897e40fb6a73452cbfa6fb9b39dc8990a76c65f9
 SHA512:
-  metadata.gz: 80b59887d9403bf0248755e2ff6e57913992ef7db706a37f2ca5cf384d6e60e6e82da38f5c2943028be2e40e07d0a0f4939626e082f13896b6a7362b43cf4a4f
-  data.tar.gz: d9dbd040fd15d17b7324f431b86fa72dc0b50c269652742512ccd90b994c513675bc23bc6140632f1868f1e089df3cfcb9bdf0c7eb1a7c2e6151cccbaaf2ce30
+  metadata.gz: 1a1d93997de4b2dd7dc8fe6c4495c2956f5cb17b9eeb474e1e30e022c16e5f9b20e76ff826b027e4a43d4d200246ed11b112d2d809278808d34434c3c2c2c23d
+  data.tar.gz: 4c1e883be6167375195bdcf3487d959163ba425a5d1cb3aca3e34036e6a2d682569e5d6760e59a3bcb48fc9b422c2bd7dd6e476f624c7bb3ee3e5db74ed40754

data/Changelog.md

@@ -0,0 +1,59 @@
+# Changelog: devise-secure_password
+
+## 1.0.5 / 2018-04-30
+
+* Update rails-app-5_1_4 config for SQLite3Adapter changes.
+* Update previous_password default_scope to be based on id.
+* Configure more reasonable defaults.
+* Update README regarding defaults and a users need to verify.
+* Update README to include section on Displaying errors.
+* Revert password freshness algorithm from 1.0.4.
+
+## v1.0.4 / 2018-04-28
+
+* Fix for ignored redirect on expired passwords.
+* Change password freshness algorithm to consider updated records.
+
+## v1.0.3 / 2018-04-23
+
+* Skip enforcement checks unless User model requires a password.
+* Update migration code to accomodate changes in underlying ActiveRecord.
+
+## v1.0.2 / 2018-03-14
+
+* Update the default configuration to be less strict - users can enable individual features.
+* Do not override global timeago strings.
+
+## v1.0.1 / 2018-03-14
+
+* Fix the special character configuration parameter name and add specs.
+
+## v1.0.0 / 2018-03-07
+
+* Update license.
+* [VME-1693] Refactor to simplify install and test commands.
+
+## v0.9.4 / 2018-01-24
+
+* [VME-1661] Fix typos in README.
+* [VME-1646] Update circleci badge token.
+* [VME-1646] Rename modules according to convention for Rails concerns.
+* Implement code coverage.
+* Support multiple rails versions for testing.
+* Rename password_regular_update_enforcement_controller to dppe_passwords_controller.
+
+## v0.9.3 / 2018-01-09
+
+* Implement password regular update
+
+## v0.9.2 / 2018-01-02
+
+* Implement password frequent change enforcement.
+
+## v0.9.1 / 2017-12-29
+
+* Implement password frequent reuse enforcement.
+
+## v0.9.0 / 2017-12-26
+
+* Implement password content enforcement.

data/Gemfile.lock

@@ -1,87 +1,288 @@
+GIT
+  remote: https://github.com/thoughtbot/shoulda-matchers.git
+  revision: 4b160bd19ecca7f97d7ac22dccd5fde9b0da5a9f
+  branch: rails-5
+  specs:
+    shoulda-matchers (3.1.2)
+      activesupport (>= 4.2.0)
+
 PATH
   remote: .
   specs:
-    devise-secure_password (0.9.4)
+    devise-secure_password (1.0.5)
       devise (>= 4.0.0, < 5.0.0)
       railties (>= 5.0.0, < 6.0.0)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    actionpack (5.1.4)
-      actionview (= 5.1.4)
-      activesupport (= 5.1.4)
+    actioncable (5.2.0)
+      actionpack (= 5.2.0)
+      nio4r (~> 2.0)
+      websocket-driver (>= 0.6.1)
+    actionmailer (5.2.0)
+      actionpack (= 5.2.0)
+      actionview (= 5.2.0)
+      activejob (= 5.2.0)
+      mail (~> 2.5, >= 2.5.4)
+      rails-dom-testing (~> 2.0)
+    actionpack (5.2.0)
+      actionview (= 5.2.0)
+      activesupport (= 5.2.0)
       rack (~> 2.0)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (5.1.4)
-      activesupport (= 5.1.4)
+    actionview (5.2.0)
+      activesupport (= 5.2.0)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.0.3)
-    activesupport (5.1.4)
+    activejob (5.2.0)
+      activesupport (= 5.2.0)
+      globalid (>= 0.3.6)
+    activemodel (5.2.0)
+      activesupport (= 5.2.0)
+    activerecord (5.2.0)
+      activemodel (= 5.2.0)
+      activesupport (= 5.2.0)
+      arel (>= 9.0)
+    activestorage (5.2.0)
+      actionpack (= 5.2.0)
+      activerecord (= 5.2.0)
+      marcel (~> 0.3.1)
+    activesupport (5.2.0)
       concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (~> 0.7)
+      i18n (>= 0.7, < 2)
       minitest (~> 5.1)
       tzinfo (~> 1.1)
+    addressable (2.5.2)
+      public_suffix (>= 2.0.2, < 4.0)
+    ansi (1.5.0)
+    arel (9.0.0)
+    ast (2.4.0)
     bcrypt (3.1.11)
     builder (3.2.3)
+    capybara (2.18.0)
+      addressable
+      mini_mime (>= 0.1.3)
+      nokogiri (>= 1.3.3)
+      rack (>= 1.0.0)
+      rack-test (>= 0.5.4)
+      xpath (>= 2.0, < 4.0)
+    capybara-screenshot (1.0.19)
+      capybara (>= 1.0, < 4)
+      launchy
+    childprocess (0.9.0)
+      ffi (~> 1.0, >= 1.0.11)
+    coffee-rails (4.2.2)
+      coffee-script (>= 2.2.0)
+      railties (>= 4.0.0)
+    coffee-script (2.4.1)
+      coffee-script-source
+      execjs
+    coffee-script-source (1.12.2)
     concurrent-ruby (1.0.5)
-    crass (1.0.3)
-    devise (4.4.0)
+    crass (1.0.4)
+    database_cleaner (1.7.0)
+    devise (4.4.3)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
-      railties (>= 4.1.0, < 5.2)
+      railties (>= 4.1.0, < 6.0)
       responders
       warden (~> 1.2.3)
-    erubi (1.7.0)
-    i18n (0.9.1)
+    diff-lcs (1.3)
+    docile (1.1.5)
+    erubi (1.7.1)
+    erubis (2.7.0)
+    execjs (2.7.0)
+    ffi (1.9.23)
+    flay (2.11.0)
+      erubis (~> 2.7.0)
+      path_expander (~> 1.0)
+      ruby_parser (~> 3.0)
+      sexp_processor (~> 4.0)
+    globalid (0.4.1)
+      activesupport (>= 4.2.0)
+    hirb (0.7.3)
+    i18n (1.0.1)
       concurrent-ruby (~> 1.0)
-    loofah (2.1.1)
+    json (2.1.0)
+    launchy (2.4.3)
+      addressable (~> 2.3)
+    libv8 (3.16.14.19)
+    loofah (2.2.2)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
+    mail (2.7.0)
+      mini_mime (>= 0.1.1)
+    marcel (0.3.2)
+      mimemagic (~> 0.3.2)
     method_source (0.9.0)
+    mimemagic (0.3.2)
+    mini_mime (1.0.0)
     mini_portile2 (2.3.0)
-    minitest (5.11.1)
-    nokogiri (1.8.1)
+    minitest (5.11.3)
+    nio4r (2.3.0)
+    nokogiri (1.8.2)
       mini_portile2 (~> 2.3.0)
     orm_adapter (0.5.0)
-    rack (2.0.3)
-    rack-test (0.8.2)
+    parallel (1.12.1)
+    parser (2.5.1.0)
+      ast (~> 2.4.0)
+    path_expander (1.0.3)
+    powerpack (0.1.1)
+    public_suffix (3.0.2)
+    rack (2.0.5)
+    rack-test (1.0.0)
       rack (>= 1.0, < 3)
+    rails (5.2.0)
+      actioncable (= 5.2.0)
+      actionmailer (= 5.2.0)
+      actionpack (= 5.2.0)
+      actionview (= 5.2.0)
+      activejob (= 5.2.0)
+      activemodel (= 5.2.0)
+      activerecord (= 5.2.0)
+      activestorage (= 5.2.0)
+      activesupport (= 5.2.0)
+      bundler (>= 1.3.0)
+      railties (= 5.2.0)
+      sprockets-rails (>= 2.0.0)
     rails-dom-testing (2.0.3)
       activesupport (>= 4.2.0)
       nokogiri (>= 1.6)
-    rails-html-sanitizer (1.0.3)
-      loofah (~> 2.0)
-    railties (5.1.4)
-      actionpack (= 5.1.4)
-      activesupport (= 5.1.4)
+    rails-html-sanitizer (1.0.4)
+      loofah (~> 2.2, >= 2.2.2)
+    railties (5.2.0)
+      actionpack (= 5.2.0)
+      activesupport (= 5.2.0)
       method_source
       rake (>= 0.8.7)
       thor (>= 0.18.1, < 2.0)
-    rake (12.3.0)
+    rainbow (3.0.0)
+    rake (12.3.1)
+    rb-fsevent (0.10.3)
+    rb-inotify (0.9.10)
+      ffi (>= 0.5.0, < 2)
+    ref (2.0.0)
     responders (2.4.0)
       actionpack (>= 4.2.0, < 5.3)
       railties (>= 4.2.0, < 5.3)
+    rspec (3.7.0)
+      rspec-core (~> 3.7.0)
+      rspec-expectations (~> 3.7.0)
+      rspec-mocks (~> 3.7.0)
+    rspec-core (3.7.1)
+      rspec-support (~> 3.7.0)
+    rspec-expectations (3.7.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.7.0)
+    rspec-mocks (3.7.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.7.0)
+    rspec-rails (3.7.2)
+      actionpack (>= 3.0)
+      activesupport (>= 3.0)
+      railties (>= 3.0)
+      rspec-core (~> 3.7.0)
+      rspec-expectations (~> 3.7.0)
+      rspec-mocks (~> 3.7.0)
+      rspec-support (~> 3.7.0)
+    rspec-support (3.7.1)
+    rspec_junit_formatter (0.3.0)
+      rspec-core (>= 2, < 4, != 2.12.0)
+    rubocop (0.55.0)
+      parallel (~> 1.10)
+      parser (>= 2.5)
+      powerpack (~> 0.1)
+      rainbow (>= 2.2.2, < 4.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (~> 1.0, >= 1.0.1)
+    ruby-progressbar (1.9.0)
+    ruby2ruby (2.4.1)
+      ruby_parser (~> 3.1)
+      sexp_processor (~> 4.6)
+    ruby_parser (3.11.0)
+      sexp_processor (~> 4.9)
+    rubyzip (1.2.1)
+    sass (3.5.6)
+      sass-listen (~> 4.0.0)
+    sass-listen (4.0.0)
+      rb-fsevent (~> 0.9, >= 0.9.4)
+      rb-inotify (~> 0.9, >= 0.9.7)
+    sass-rails (5.0.7)
+      railties (>= 4.0.0, < 6)
+      sass (~> 3.1)
+      sprockets (>= 2.8, < 4.0)
+      sprockets-rails (>= 2.0, < 4.0)
+      tilt (>= 1.1, < 3)
+    selenium-webdriver (3.11.0)
+      childprocess (~> 0.5)
+      rubyzip (~> 1.2)
+    sexp_processor (4.11.0)
+    simplecov (0.15.1)
+      docile (~> 1.1.0)
+      json (>= 1.8, < 3)
+      simplecov-html (~> 0.10.0)
+    simplecov-console (0.4.2)
+      ansi
+      hirb
+      simplecov
+    simplecov-html (0.10.2)
+    sprockets (3.7.1)
+      concurrent-ruby (~> 1.0)
+      rack (> 1, < 3)
+    sprockets-rails (3.2.1)
+      actionpack (>= 4.0)
+      activesupport (>= 4.0)
+      sprockets (>= 3.0.0)
+    sqlite3 (1.3.13)
+    therubyracer (0.12.3)
+      libv8 (~> 3.16.14.15)
+      ref
     thor (0.20.0)
     thread_safe (0.3.6)
-    tzinfo (1.2.4)
+    tilt (2.0.8)
+    tzinfo (1.2.5)
       thread_safe (~> 0.1)
+    unicode-display_width (1.3.2)
     warden (1.2.7)
       rack (>= 1.0)
-    yard (0.9.12)
+    websocket-driver (0.7.0)
+      websocket-extensions (>= 0.1.0)
+    websocket-extensions (0.1.3)
+    xpath (3.0.0)
+      nokogiri (~> 1.8)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
-  bundler (~> 1.16.1)
+  bundler (~> 1.16, >= 1.16.1)
+  capybara (~> 2.16, >= 2.16.1)
+  capybara-screenshot (~> 1.0, >= 1.0.18)
+  coffee-rails (~> 4.2)
+  database_cleaner (~> 1.6, >= 1.6.2)
+  devise (~> 4.0)
   devise-secure_password!
-  rake (~> 12.0)
-  yard
+  flay (~> 2.10, >= 2.10.0)
+  launchy (~> 2.4, >= 2.4.3)
+  rails (~> 5.1, >= 5.1.4)
+  rake (~> 12.3)
+  rspec (~> 3.7)
+  rspec-rails (~> 3.7)
+  rspec_junit_formatter (~> 0.3)
+  rubocop (>= 0.49.0)
+  ruby2ruby (~> 2.4, >= 2.4.0)
+  sass-rails (~> 5.0)
+  selenium-webdriver (~> 3.7, >= 3.7.0)
+  shoulda-matchers!
+  simplecov (~> 0.15.1)
+  simplecov-console (~> 0.4.2)
+  sqlite3 (~> 1.3, >= 1.3.13)
+  therubyracer (~> 0.12.3)
 
 BUNDLED WITH
    1.16.1

data/README.md

@@ -41,7 +41,7 @@ Add this line to your application's Gemfile:
 
 ```ruby
 gem 'devise',                 '~> 4.2'
-gem 'devise-secure_password', '~> 1.0.0'
+gem 'devise-secure_password', '~> 1.0.5'
 ```
 
 And then execute:
@@ -80,39 +80,44 @@ Devise.setup do |config|
   # standard configuration parameter.
 
   # The number of uppercase letters (latin A-Z) required in a password:
-  # config.password_required_uppercase_count = 0
+  # config.password_required_uppercase_count = 1
 
   # The number of lowercase letters (latin A-Z) required in a password:
-  # config.password_required_lowercase_count = 0
+  # config.password_required_lowercase_count = 1
 
   # The number of numbers (0-9) required in a password:
-  # config.password_required_number_count = 0
+  # config.password_required_number_count = 1
 
   # The number of special characters (!@#$%^&*()_+-=[]{}|') required in a password:
-  # config.password_required_special_character_count = 0
+  # config.password_required_special_character_count = 1
 
   # ==> Configuration for the Devise Secure Password extension
   #     Module: password_disallows_frequent_reuse
   #
   # The number of previously used passwords that can not be reused:
-  # config.password_previously_used_count = 1
+  # config.password_previously_used_count = 8
 
   # ==> Configuration for the Devise Secure Password extension
   #     Module: password_disallows_frequent_changes
   #     *Requires* password_disallows_frequent_reuse
   #
   # The minimum time that must pass between password changes:
-  # config.password_minimum_age = 0.days
+  # config.password_minimum_age = 1.days
 
   # ==> Configuration for the Devise Secure Password extension
   #     Module: password_requires_regular_updates
   #     *Requires* password_disallows_frequent_reuse
   #
   # The maximum allowed age of a password:
-  # config.password_maximum_age = 365.days
+  # config.password_maximum_age = 180.days
 end
 ```
 
+>NOTE: Password policy defaults have been selected as a middle-of-the-road combination based on published
+recommendations by [Microsoft](https://technet.microsoft.com/en-us/library/ff741764.aspx) and
+[Carnegie Mellon University](https://www.cmu.edu/iso/governance/guidelines/password-management.html). It is up to
+__YOU__ to verify the default settings and make adjustments where necessary.
+
 Enable the __Devise Secure Password Extension__ enforcement in your Devise model(s):
 
 ```ruby
@@ -174,6 +179,31 @@ And then:
 prompt> bundle exec rake db:migrate
 ```
 
+### Displaying errors
+
+You will likely want to display errors, produced as a result of secure password enforcement violations, to your users.
+Errors are available via the `User.errors` array and via the `devise_error_messages!` method. An example usage follows
+and is taken from the default password `edit.html.erb` page:
+
+```erb
+<%= form_for(resource, as: resource_name, url: [resource_name, :password_with_policy], html: { method: :put }) do |f| %>
+  <% if resource.errors.full_messages.count.positive? %>
+    <%= devise_error_messages! %>
+  <% end %>
+
+  <p><%= f.label :current_password, 'Current password' %><br />
+  <%= f.password_field :current_password %></p>
+
+  <p><%= f.label :password, 'New password' %><br />
+  <%= f.password_field :password %></p>
+
+  <p><%= f.label :password_confirmation, 'Password confirmation' %><br />
+  <%= f.password_field :password_confirmation %></p>
+
+  <p><%= f.submit 'Update' %></p>
+<% end %>
+```
+
 <a name="running-tests"></a>
 
 ## Running Tests

data/coverage/index.html

@@ -14,7 +14,7 @@
       <img src="./assets/0.10.2/loading.gif" alt="loading"/>
     </div>
     <div id="wrapper" style="display:none;">
-      <div class="timestamp">Generated <abbr class="timeago" title="2018-04-28T21:17:06-07:00">2018-04-28T21:17:06-07:00</abbr></div>
+      <div class="timestamp">Generated <abbr class="timeago" title="2018-04-29T19:21:42-07:00">2018-04-29T19:21:42-07:00</abbr></div>
       <ul class="group_tabs"></ul>
 
       <div id="content">
@@ -133,7 +133,7 @@
       <tr>
         <td class="strong"><a href="#610c7e3624991293372156293eb507f0b5546b94" class="src_link" title="lib/devise/secure_password/models/previous_password.rb">lib/devise/secure_password/models/previous_password.rb</a></td>
         <td class="green strong">100.0 %</td>
-        <td>22</td>
+        <td>20</td>
         <td>13</td>
         <td>13</td>
         <td>0</td>
@@ -281,7 +281,7 @@
       <tr>
         <td class="strong"><a href="#610c7e3624991293372156293eb507f0b5546b94" class="src_link" title="lib/devise/secure_password/models/previous_password.rb">lib/devise/secure_password/models/previous_password.rb</a></td>
         <td class="green strong">100.0 %</td>
-        <td>22</td>
+        <td>20</td>
         <td>13</td>
         <td>13</td>
         <td>0</td>
@@ -2293,8 +2293,8 @@
           <code class="ruby">        if Rails.version &gt; &#39;5.1&#39;</code>
         </li>
       
-        <li class="missed" data-hits="0" data-linenumber="58">
-          
+        <li class="covered" data-hits="41" data-linenumber="58">
+          <span class="hits">41</span>
           
           <code class="ruby">          saved_change_to_encrypted_password?</code>
         </li>
@@ -2305,8 +2305,8 @@
           <code class="ruby">        else</code>
         </li>
       
-        <li class="covered" data-hits="41" data-linenumber="60">
-          <span class="hits">41</span>
+        <li class="missed" data-hits="0" data-linenumber="60">
+          
           
           <code class="ruby">          encrypted_password_changed?</code>
         </li>
@@ -3628,67 +3628,55 @@
           <code class="ruby">      def fresh?(minimum_age_duration, now = ::Time.zone.now)</code>
         </li>
       
-        <li class="never" data-hits="" data-linenumber="12">
-          
-          
-          <code class="ruby">        # @NOTE fix for history = 1, use updated_at</code>
-        </li>
-      
-        <li class="covered" data-hits="10" data-linenumber="13">
+        <li class="covered" data-hits="10" data-linenumber="12">
           <span class="hits">10</span>
           
-          <code class="ruby">        now &lt;= (updated_at + minimum_age_duration)</code>
+          <code class="ruby">        now &lt;= (created_at + minimum_age_duration)</code>
         </li>
       
-        <li class="never" data-hits="" data-linenumber="14">
+        <li class="never" data-hits="" data-linenumber="13">
           
           
           <code class="ruby">      end</code>
         </li>
       
-        <li class="never" data-hits="" data-linenumber="15">
+        <li class="never" data-hits="" data-linenumber="14">
           
           
           <code class="ruby"></code>
         </li>
       
-        <li class="covered" data-hits="1" data-linenumber="16">
+        <li class="covered" data-hits="1" data-linenumber="15">
           <span class="hits">1</span>
           
           <code class="ruby">      def stale?(maximum_age_duration, now = ::Time.zone.now)</code>
         </li>
       
-        <li class="never" data-hits="" data-linenumber="17">
-          
-          
-          <code class="ruby">        # @NOTE fix for history = 1, use updated_at</code>
-        </li>
-      
-        <li class="covered" data-hits="8" data-linenumber="18">
+        <li class="covered" data-hits="8" data-linenumber="16">
           <span class="hits">8</span>
           
-          <code class="ruby">        now &gt; (updated_at + maximum_age_duration)</code>
+          <code class="ruby">        now &gt; (created_at + maximum_age_duration)</code>
         </li>
       
-        <li class="never" data-hits="" data-linenumber="19">
+        <li class="never" data-hits="" data-linenumber="17">
           
           
           <code class="ruby">      end</code>
         </li>
       
-        <li class="never" data-hits="" data-linenumber="20">
+        <li class="never" data-hits="" data-linenumber="18">
           
           
           <code class="ruby">    end</code>
         </li>
       
-        <li class="never" data-hits="" data-linenumber="21">
+        <li class="never" data-hits="" data-linenumber="19">
           
           
           <code class="ruby">  end</code>
         </li>
       
-        <li class="never" data-hits="" data-linenumber="22">
+        <li class="never" data-hits="" data-linenumber="20">
           
           
           <code class="ruby">end</code>

data/gemfiles/rails-5_0_6.gemfile.lock

@@ -9,7 +9,7 @@ GIT
 PATH
   remote: ..
   specs:
-    devise-secure_password (1.0.4)
+    devise-secure_password (1.0.5)
       devise (>= 4.0.0, < 5.0.0)
       railties (>= 5.0.0, < 6.0.0)
 

data/gemfiles/rails-5_1_4.gemfile.lock

@@ -9,7 +9,7 @@ GIT
 PATH
   remote: ..
   specs:
-    devise-secure_password (1.0.4)
+    devise-secure_password (1.0.5)
       devise (>= 4.0.0, < 5.0.0)
       railties (>= 5.0.0, < 6.0.0)
 

data/lib/devise/secure_password.rb

@@ -12,19 +12,19 @@ require 'devise/secure_password/models/password_requires_regular_updates'
 
 module Devise
   # password_content_enforcement configuration parameters
-  @password_required_uppercase_count = 0
-  @password_required_lowercase_count = 0
-  @password_required_number_count = 0
-  @password_required_special_character_count = 0
+  @password_required_uppercase_count = 1
+  @password_required_lowercase_count = 1
+  @password_required_number_count = 1
+  @password_required_special_character_count = 1
 
   # password_frequent_reuse_prevention configuration parameters
-  @password_previously_used_count = 1
+  @password_previously_used_count = 8
 
   # password_frequent_change_prevention configuration parameters
-  @password_minimum_age = 0.days
+  @password_minimum_age = 1.day
 
   # password_regular_update_enforcement configuration parameters
-  @password_maximum_age = 365.days
+  @password_maximum_age = 180.days
 
   class << self
     attr_accessor :password_required_uppercase_count

data/lib/devise/secure_password/models/previous_password.rb

@@ -3,17 +3,17 @@ module Devise
     class PreviousPassword < ::ActiveRecord::Base
       self.table_name = 'previous_passwords'
       belongs_to :user
-      default_scope -> { order(created_at: :desc) }
+      default_scope -> { order(id: :desc) }
       validates :user_id, presence: true
       validates :salt, presence: true
       validates :encrypted_password, presence: true
 
       def fresh?(minimum_age_duration, now = ::Time.zone.now)
-        now <= (updated_at + minimum_age_duration)
+        now <= (created_at + minimum_age_duration)
       end
 
       def stale?(maximum_age_duration, now = ::Time.zone.now)
-        now > (updated_at + maximum_age_duration)
+        now > (created_at + maximum_age_duration)
       end
     end
   end

data/lib/devise/secure_password/version.rb

@@ -1,5 +1,5 @@
 module Devise
   module SecurePassword
-    VERSION = '1.0.4'.freeze
+    VERSION = '1.0.5'.freeze
   end
 end

data/lib/generators/devise/templates/secure_password.rb

@@ -10,34 +10,34 @@ Devise.setup do |config|
   # standard configuration parameter.
 
   # The number of uppercase letters (latin A-Z) required in a password:
-  # config.password_required_uppercase_count = 0
+  # config.password_required_uppercase_count = 1
 
   # The number of lowercase letters (latin A-Z) required in a password:
-  # config.password_required_lowercase_count = 0
+  # config.password_required_lowercase_count = 1
 
   # The number of numbers (0-9) required in a password:
-  # config.password_required_number_count = 0
+  # config.password_required_number_count = 1
 
   # The number of special characters (!@#$%^&*()_+-=[]{}|') required in a password:
-  # config.password_required_special_character_count = 0
+  # config.password_required_special_character_count = 1
 
   # ==> Configuration for the Devise Secure Password extension
   #     Module: password_disallows_frequent_reuse
   #
   # The number of previously used passwords that can not be reused:
-  # config.password_previously_used_count = 1
+  # config.password_previously_used_count = 8
 
   # ==> Configuration for the Devise Secure Password extension
   #     Module: password_disallows_frequent_changes
   #     *Requires* password_disallows_frequent_reuse
   #
   # The minimum time that must pass between password changes:
-  # config.password_minimum_age = 0.days
+  # config.password_minimum_age = 1.days
 
   # ==> Configuration for the Devise Secure Password extension
   #     Module: password_requires_regular_updates
   #     *Requires* password_disallows_frequent_reuse
   #
   # The maximum allowed age of a password:
-  # config.password_maximum_age = 365.days
+  # config.password_maximum_age = 180.days
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: devise-secure_password
 version: !ruby/object:Gem::Version
-  version: 1.0.4
+  version: 1.0.5
 platform: ruby
 authors:
 - Mark Eissler
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-04-29 00:00:00.000000000 Z
+date: 2018-04-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: devise
@@ -412,6 +412,7 @@ extensions: []
 extra_rdoc_files: []
 files:
 - "./CODE_OF_CONDUCT.md"
+- "./Changelog.md"
 - "./Dockerfile"
 - "./Dockerfile.prev"
 - "./Gemfile"
@@ -472,6 +473,7 @@ files:
 - "./lib/generators/devise/templates/secure_password.rb"
 - "./lib/support/string/character_counter.rb"
 - "./pkg/devise-secure_password-1.0.3.gem"
+- "./pkg/devise-secure_password-1.0.4.gem"
 homepage: https://github.com/valimail/devise-secure_password
 licenses:
 - MIT