devise-secure_password 1.0.6 → 1.0.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 537cd336906fbda7eca3ea27bec51cb3198394c3
-  data.tar.gz: 7aeb869fd6060a7c85479d17ef8939329bda484f
+  metadata.gz: 7d48b94f72dec051554ab4176e23b7509e77674c
+  data.tar.gz: 73bba702c406149b9a0ea5356c55bcd6da0d63ba
 SHA512:
-  metadata.gz: 5ad811d3b36cae428e2461087445bab6fd337298d0292b82ec2caa33d98e1377f1eb09a6379f32d1863fdd6c48b088417b6ecd8ba2ba665f8edc5a099e435d9b
-  data.tar.gz: 4b4c9c7b91c9489b3ee347903226bbdda54ff56dff82d2a060442a7f3088ff1819e2f46043c01c3fae0352f13d50c95656cbff7de74f27d62326f8c095467a23
+  metadata.gz: cae5af852eb447a67736844354bc34c7857d041075c25e32ee1e8177e047bffc0b10d11746dbf3a834f45357663781a70eb64922a53eb0ca302726508950468c
+  data.tar.gz: 8c60f1e2df9ea2d686d8ce48d5cc0a9206e6d3dd83c1a6703bf74b0242dc5112f49c39154b5b9556d61dbf15d4da90b68b15f554a7a9baeb2f3c447cf32c2111

data/Changelog.md

@@ -1,5 +1,11 @@
 # Changelog: devise-secure_password
 
+## 1.0.7 / 2018-05-25
+
+* Fix specs to use appropriate Rails version
+* Update configuration to not include patch version for Rails
+* Manage expiration in session to remove incompatability with authentication extensions
+
 ## 1.0.6 / 2018-05-04
 
 * Fix scoping for previous passwords returned through associations.

data/Gemfile.lock

@@ -9,7 +9,7 @@ GIT
 PATH
   remote: .
   specs:
-    devise-secure_password (1.0.6)
+    devise-secure_password (1.0.7)
       devise (>= 4.0.0, < 5.0.0)
       railties (>= 5.0.0, < 6.0.0)
 
@@ -62,7 +62,7 @@ GEM
     ansi (1.5.0)
     arel (9.0.0)
     ast (2.4.0)
-    bcrypt (3.1.11)
+    bcrypt (3.1.12)
     builder (3.2.3)
     capybara (2.18.0)
       addressable
@@ -71,7 +71,7 @@ GEM
       rack (>= 1.0.0)
       rack-test (>= 0.5.4)
       xpath (>= 2.0, < 4.0)
-    capybara-screenshot (1.0.19)
+    capybara-screenshot (1.0.21)
       capybara (>= 1.0, < 4)
       launchy
     childprocess (0.9.0)
@@ -98,7 +98,7 @@ GEM
     erubis (2.7.0)
     execjs (2.7.0)
     ffi (1.9.23)
-    flay (2.11.0)
+    flay (2.12.0)
       erubis (~> 2.7.0)
       path_expander (~> 1.0)
       ruby_parser (~> 3.0)
@@ -124,7 +124,7 @@ GEM
     mini_mime (1.0.0)
     mini_portile2 (2.3.0)
     minitest (5.11.3)
-    nio4r (2.3.0)
+    nio4r (2.3.1)
     nokogiri (1.8.2)
       mini_portile2 (~> 2.3.0)
     orm_adapter (0.5.0)
@@ -193,7 +193,7 @@ GEM
     rspec-support (3.7.1)
     rspec_junit_formatter (0.3.0)
       rspec-core (>= 2, < 4, != 2.12.0)
-    rubocop (0.55.0)
+    rubocop (0.56.0)
       parallel (~> 1.10)
       parser (>= 2.5)
       powerpack (~> 0.1)
@@ -218,7 +218,7 @@ GEM
       sprockets (>= 2.8, < 4.0)
       sprockets-rails (>= 2.0, < 4.0)
       tilt (>= 1.1, < 3)
-    selenium-webdriver (3.11.0)
+    selenium-webdriver (3.12.0)
       childprocess (~> 0.5)
       rubyzip (~> 1.2)
     sexp_processor (4.11.0)
@@ -285,4 +285,4 @@ DEPENDENCIES
   therubyracer (~> 0.12.3)
 
 BUNDLED WITH
-   1.16.1
+   1.16.2

data/README.md

@@ -9,7 +9,7 @@ as well.
 
 ## Build Status
 
-| Service    | rails 5.1.4 |
+| Service    | rails 5.1 |
 |:-----------|:-----------:|
 | Circle CI  | [![Circle CI](https://circleci.com/gh/ValiMail/devise-secure_password/tree/master.svg?style=shield&circle-token=cd173d5f9d2944a9b14737c2d4339b20b08565cf)]() |
 
@@ -228,7 +228,7 @@ To determine the Ruby on Rails versions supported by this release, run the follo
 prompt> gem install flay ruby2ruby rubocop rspec
 prompt> rake test:spec:targets
 
-Available Rails targets: 5.0.6, 5.1.4
+Available Rails targets: 5.0, 5.1
 ```
 
 Reconfigure the project by specifying the correct Gemfile when running bundler, followed by running tests:

data/app/controllers/devise/passwords_with_policy_controller.rb

@@ -4,9 +4,7 @@ module Devise
 
     def edit
       self.resource = resource_class.new
-      if warden.session(scope_name)['secure_password_expired']
-        resource.errors.add(:base, "#{error_string_for_password_expired}.")
-      end
+      resource.errors.add(:base, "#{error_string_for_password_expired}.")
       render :edit
     end
 
@@ -44,7 +42,7 @@ module Devise
     end
 
     def prepare_for_redirect
-      warden.session(scope_name)[:secure_password_expired] = false
+      unset_devise_secure_password_expired!
       flash[:notice] = alert_string_for_password_updated
       bypass_sign_in resource, scope: scope_name
     end

data/gemfiles/{rails-5_0_6.gemfile → rails-5_0.gemfile}

@@ -2,7 +2,7 @@ source 'https://rubygems.org'
 
 git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
 
-ENV['RAILS_TARGET'] ||= '5.0.6'
+ENV['RAILS_TARGET'] ||= '5.0'
 
 gemspec path: '../'
 

data/gemfiles/{rails-5_1_4.gemfile → rails-5_1.gemfile}

@@ -2,7 +2,7 @@ source 'https://rubygems.org'
 
 git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
 
-ENV['RAILS_TARGET'] ||= '5.1.4'
+ENV['RAILS_TARGET'] ||= '5.1'
 
 gemspec path: '../'
 

data/gemfiles/{rails-5_1_4.gemfile.lock → rails-5_1.gemfile.lock}

@@ -9,7 +9,7 @@ GIT
 PATH
   remote: ..
   specs:
-    devise-secure_password (1.0.5)
+    devise-secure_password (1.0.6)
       devise (>= 4.0.0, < 5.0.0)
       railties (>= 5.0.0, < 6.0.0)
 
@@ -58,7 +58,7 @@ GEM
     ansi (1.5.0)
     arel (8.0.0)
     ast (2.4.0)
-    bcrypt (3.1.11)
+    bcrypt (3.1.12)
     builder (3.2.3)
     byebug (10.0.2)
     capybara (2.18.0)
@@ -68,7 +68,7 @@ GEM
       rack (>= 1.0.0)
       rack-test (>= 0.5.4)
       xpath (>= 2.0, < 4.0)
-    capybara-screenshot (1.0.19)
+    capybara-screenshot (1.0.21)
       capybara (>= 1.0, < 4)
       launchy
     childprocess (0.9.0)
@@ -95,7 +95,7 @@ GEM
     erubis (2.7.0)
     execjs (2.7.0)
     ffi (1.9.23)
-    flay (2.11.0)
+    flay (2.12.0)
       erubis (~> 2.7.0)
       path_expander (~> 1.0)
       ruby_parser (~> 3.0)
@@ -118,7 +118,7 @@ GEM
     mini_mime (1.0.0)
     mini_portile2 (2.3.0)
     minitest (5.11.3)
-    nio4r (2.3.0)
+    nio4r (2.3.1)
     nokogiri (1.8.2)
       mini_portile2 (~> 2.3.0)
     orm_adapter (0.5.0)
@@ -186,7 +186,7 @@ GEM
     rspec-support (3.7.1)
     rspec_junit_formatter (0.3.0)
       rspec-core (>= 2, < 4, != 2.12.0)
-    rubocop (0.55.0)
+    rubocop (0.56.0)
       parallel (~> 1.10)
       parser (>= 2.5)
       powerpack (~> 0.1)
@@ -211,7 +211,7 @@ GEM
       sprockets (>= 2.8, < 4.0)
       sprockets-rails (>= 2.0, < 4.0)
       tilt (>= 1.1, < 3)
-    selenium-webdriver (3.11.0)
+    selenium-webdriver (3.12.0)
       childprocess (~> 0.5)
       rubyzip (~> 1.2)
     sexp_processor (4.11.0)
@@ -279,4 +279,4 @@ DEPENDENCIES
   therubyracer (~> 0.12.3)
 
 BUNDLED WITH
-   1.16.1
+   1.16.2

data/lib/devise/secure_password.rb

@@ -38,8 +38,8 @@ module Devise
 
   module SecurePassword
     module Controllers
+      autoload :Helpers,       'devise/secure_password/controllers/helpers'
       autoload :DeviseHelpers, 'devise/secure_password/controllers/devise_helpers'
-      autoload :ActiveHelpers, 'devise/secure_password/controllers/active_helpers'
     end
 
     class Engine < ::Rails::Engine
@@ -49,7 +49,7 @@ module Devise
       end
       ActiveSupport.on_load(:action_controller) do
         include ActionView::Helpers::DateHelper
-        include Devise::SecurePassword::Controllers::ActiveHelpers
+        include Devise::SecurePassword::Controllers::Helpers
       end
 
       # add exceptions to the inflector so it doesn't get tripped up by our concerns that end in an 's'

data/lib/devise/secure_password/controllers/devise_helpers.rb

@@ -6,58 +6,14 @@ module Devise
 
         # rubocop:disable Style/ClassAndModuleChildren
         class ::DeviseController
-          alias old_require_no_authentication require_no_authentication
+          alias devise_sign_in sign_in
 
           protected
 
-          # Override the devise require_no_authentication before callback to
-          # prevent authenticated users with expired passwords from escaping to
-          # other pages without first updating their passwords.
-          def require_no_authentication
-            return if check_password_expired_and_redirect!
-
-            old_require_no_authentication
-          end
-
-          # Store the name of the current controller and action in the warden
-          # session store then redirect if signed in and password expired. The
-          # stored values will be used by non-devise controllers to prevent a
-          # user from escaping the change password process.
-          def check_password_expired_and_redirect!
-            assert_is_devise_resource!
-
-            return if skip_current_devise_controller?
-
-            if signed_in?(scope_name) && warden.session(scope_name)[:secure_password_expired]
-              save_controller_state
-              redirect_to edit_user_password_with_policy_url, alert: "#{error_string_for_password_expired}."
-              return true
+          def sign_in(*args)
+            devise_sign_in(*args).tap do
+              set_devise_secure_password_expired! if warden_user_has_password_expiration?
             end
-
-            false
-          end
-
-          def save_controller_state
-            warden.session(scope_name)[:secure_last_controller] = self.class.name
-            warden.session(scope_name)[:secure_last_action] = action_name
-          end
-
-          # Prevent infinite loops and allow specified controllers to bypass.
-          # @NOTE: The ability to extend this list may be made public, in the
-          # future if that functionality is needed.
-          def skip_current_devise_controller?
-            exclusion_list = [
-              'Devise::SessionsController'
-            ]
-            !(exclusion_list.include?("#{self.class.name}#" + action_name) || (exclusion_list & self.class.ancestors.map(&:to_s)).any?)
-          end
-
-          def error_string_for_password_expired
-            class_obj = scope_name.to_s.camelize.constantize
-            I18n.t(
-              'secure_password.password_requires_regular_updates.errors.messages.password_expired',
-              timeframe: distance_of_time_in_words(class_obj.password_maximum_age)
-            )
           end
         end
         # rubocop:enable Style/ClassAndModuleChildren

data/lib/devise/secure_password/controllers/helpers.rb

@@ -0,0 +1,53 @@
+module Devise
+  module SecurePassword
+    module Controllers
+      module Helpers
+        extend ActiveSupport::Concern
+
+        included do
+          before_action :authenticate_secure_password!, unless: :devise_controller?
+        end
+
+        def authenticate_secure_password_expired?
+          return false if devise_controller?
+          session[:devise_secure_password_expired] == true
+        end
+
+        def authenticate_secure_password!
+          return unless authenticate_secure_password_expired?
+          redirect_to authenticate_secure_password_path, alert: "#{error_string_for_password_expired}."
+        end
+
+        def authenticate_secure_password_path
+          return unless warden.user
+          :"edit_#{devise_secure_password_scope}_password_with_policy"
+        end
+
+        private
+
+        def devise_secure_password_scope
+          Devise::Mapping.find_scope!(warden.user)
+        end
+
+        def error_string_for_password_expired
+          I18n.t(
+            'secure_password.password_requires_regular_updates.errors.messages.password_expired',
+            timeframe: distance_of_time_in_words(warden.user.class.password_maximum_age)
+          )
+        end
+
+        def set_devise_secure_password_expired!
+          session[:devise_secure_password_expired] = warden.user.password_expired?
+        end
+
+        def unset_devise_secure_password_expired!
+          session.delete(:devise_secure_password_expired)
+        end
+
+        def warden_user_has_password_expiration?
+          warden&.user&.respond_to?(:password_expired?)
+        end
+      end
+    end
+  end
+end

data/lib/devise/secure_password/models/password_requires_regular_updates.rb

@@ -3,8 +3,6 @@ module Devise
     module PasswordRequiresRegularUpdates
       extend ActiveSupport::Concern
 
-      require 'devise/secure_password/hooks/password_requires_regular_updates'
-
       class ConfigurationError < RuntimeError; end
 
       included do

data/lib/devise/secure_password/version.rb

@@ -1,5 +1,5 @@
 module Devise
   module SecurePassword
-    VERSION = '1.0.6'.freeze
+    VERSION = '1.0.7'.freeze
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: devise-secure_password
 version: !ruby/object:Gem::Version
-  version: 1.0.6
+  version: 1.0.7
 platform: ruby
 authors:
 - Mark Eissler
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-05-04 00:00:00.000000000 Z
+date: 2018-05-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: devise
@@ -425,42 +425,14 @@ files:
 - "./bin/console"
 - "./bin/setup"
 - "./config/locales/en.yml"
-- "./coverage/assets/0.10.2/application.css"
-- "./coverage/assets/0.10.2/application.js"
-- "./coverage/assets/0.10.2/colorbox/border.png"
-- "./coverage/assets/0.10.2/colorbox/controls.png"
-- "./coverage/assets/0.10.2/colorbox/loading.gif"
-- "./coverage/assets/0.10.2/colorbox/loading_background.png"
-- "./coverage/assets/0.10.2/favicon_green.png"
-- "./coverage/assets/0.10.2/favicon_red.png"
-- "./coverage/assets/0.10.2/favicon_yellow.png"
-- "./coverage/assets/0.10.2/loading.gif"
-- "./coverage/assets/0.10.2/magnify.png"
-- "./coverage/assets/0.10.2/smoothness/images/ui-bg_flat_0_aaaaaa_40x100.png"
-- "./coverage/assets/0.10.2/smoothness/images/ui-bg_flat_75_ffffff_40x100.png"
-- "./coverage/assets/0.10.2/smoothness/images/ui-bg_glass_55_fbf9ee_1x400.png"
-- "./coverage/assets/0.10.2/smoothness/images/ui-bg_glass_65_ffffff_1x400.png"
-- "./coverage/assets/0.10.2/smoothness/images/ui-bg_glass_75_dadada_1x400.png"
-- "./coverage/assets/0.10.2/smoothness/images/ui-bg_glass_75_e6e6e6_1x400.png"
-- "./coverage/assets/0.10.2/smoothness/images/ui-bg_glass_95_fef1ec_1x400.png"
-- "./coverage/assets/0.10.2/smoothness/images/ui-bg_highlight-soft_75_cccccc_1x100.png"
-- "./coverage/assets/0.10.2/smoothness/images/ui-icons_222222_256x240.png"
-- "./coverage/assets/0.10.2/smoothness/images/ui-icons_2e83ff_256x240.png"
-- "./coverage/assets/0.10.2/smoothness/images/ui-icons_454545_256x240.png"
-- "./coverage/assets/0.10.2/smoothness/images/ui-icons_888888_256x240.png"
-- "./coverage/assets/0.10.2/smoothness/images/ui-icons_cd0a0a_256x240.png"
-- "./coverage/index.html"
-- "./devise-secure_password-1.0.0.gem"
 - "./devise-secure_password.gemspec"
 - "./docker-entrypoint.sh"
-- "./gemfiles/rails-5_0_6.gemfile"
-- "./gemfiles/rails-5_0_6.gemfile.lock"
-- "./gemfiles/rails-5_1_4.gemfile"
-- "./gemfiles/rails-5_1_4.gemfile.lock"
+- "./gemfiles/rails-5_0.gemfile"
+- "./gemfiles/rails-5_1.gemfile"
+- "./gemfiles/rails-5_1.gemfile.lock"
 - "./lib/devise/secure_password.rb"
-- "./lib/devise/secure_password/controllers/active_helpers.rb"
 - "./lib/devise/secure_password/controllers/devise_helpers.rb"
-- "./lib/devise/secure_password/hooks/password_requires_regular_updates.rb"
+- "./lib/devise/secure_password/controllers/helpers.rb"
 - "./lib/devise/secure_password/models/password_disallows_frequent_changes.rb"
 - "./lib/devise/secure_password/models/password_disallows_frequent_reuse.rb"
 - "./lib/devise/secure_password/models/password_has_required_content.rb"
@@ -472,9 +444,7 @@ files:
 - "./lib/generators/devise/templates/README.txt"
 - "./lib/generators/devise/templates/secure_password.rb"
 - "./lib/support/string/character_counter.rb"
-- "./pkg/devise-secure_password-1.0.3.gem"
-- "./pkg/devise-secure_password-1.0.4.gem"
-- "./pkg/devise-secure_password-1.0.5.gem"
+- "./pkg/devise-secure_password-1.0.7.gem"
 homepage: https://github.com/valimail/devise-secure_password
 licenses:
 - MIT
@@ -495,7 +465,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.14
+rubygems_version: 2.6.14.1
 signing_key: 
 specification_version: 4
 summary: A devise password policy enforcement extension.