devise-security 0.11.1 → 0.12.0

data/test/test_paranoid_verification.rb

@@ -22,7 +22,7 @@ class TestParanoidVerification < ActiveSupport::TestCase
     assert_equal(0, user.paranoid_verification_attempt)
   end
 
-  test "generate code must reset attempt counter" do
+  test 'generate code must reset attempt counter' do
     user = User.new
     user.generate_paranoid_code
     # default generator generates 5 char string
@@ -30,7 +30,7 @@ class TestParanoidVerification < ActiveSupport::TestCase
     assert_equal(user.paranoid_verification_code.length, 5)
   end
 
-  test "when code match upon verify code, should mark record that it's no loger needed to verify" do
+  test 'when code match upon verify code, should mark record that it\'s no loger needed to verify' do
     user = User.new(paranoid_verification_code: 'abcde')
 
     assert_equal(true, user.need_paranoid_verification?)

data/test/test_password_archivable.rb

@@ -16,31 +16,45 @@ class TestPasswordArchivable < ActiveSupport::TestCase
   end
 
   test 'cannot use same password' do
-    user = User.create password: 'password1', password_confirmation: 'password1'
+    user = User.create email: 'bob@microsoft.com', password: 'Password1', password_confirmation: 'Password1'
+    assert_raises(ActiveRecord::RecordInvalid) { set_password(user,  'Password1') }
+  end
+
+  test 'indirectly saving associated user does not cause deprecation warning' do
+    old_behavior = ActiveSupport::Deprecation.behavior
+    ActiveSupport::Deprecation.behavior = :raise
+    user = User.new email: 'bob@microsoft.com', password: 'Password1', password_confirmation: 'Password1'
+    widget = Widget.new(user: user)
+    widget.save
+    ActiveSupport::Deprecation.behavior = old_behavior
+  end
 
-    assert_raises(ActiveRecord::RecordInvalid) { set_password(user,  'password1') }
+  test 'does not save an OldPassword if user password was originally nil' do
+    user = User.new(email: 'bob@microsoft.com', password: nil, password_confirmation: nil)
+    set_password(user, 'Password1')
+    assert_equal 0, OldPassword.count
   end
 
   test 'cannot use archived passwords' do
     assert_equal 2, Devise.password_archiving_count
 
-    user = User.create password: 'password1', password_confirmation: 'password1'
+    user = User.create! email: 'bob@microsoft.com', password: 'Password1', password_confirmation: 'Password1'
     assert_equal 0, OldPassword.count
 
-    set_password(user,  'password2')
+    set_password(user,  'Password2')
     assert_equal 1, OldPassword.count
 
-    assert_raises(ActiveRecord::RecordInvalid) { set_password(user,  'password1') }
+    assert_raises(ActiveRecord::RecordInvalid) { set_password(user,  'Password1') }
 
-    set_password(user,  'password3')
+    set_password(user,  'Password3')
     assert_equal 2, OldPassword.count
 
     # rotate first password out of archive
-    assert set_password(user,  'password4')
+    assert set_password(user,  'Password4')
 
     # archive count was 2, so first password should work again
-    assert set_password(user,  'password1')
-    assert set_password(user,  'password2')
+    assert set_password(user,  'Password1')
+    assert set_password(user,  'Password2')
   end
 
   test 'the option should be dynamic during runtime' do
@@ -50,12 +64,12 @@ class TestPasswordArchivable < ActiveSupport::TestCase
       end
     end
 
-    user = User.create password: 'password1', password_confirmation: 'password1'
+    user = User.create email: 'bob@microsoft.com', password: 'Password1', password_confirmation: 'Password1'
 
-    assert set_password(user,  'password2')
+    assert set_password(user,  'Password2')
 
-    assert_raises(ActiveRecord::RecordInvalid) { set_password(user,  'password2') }
+    assert_raises(ActiveRecord::RecordInvalid) { set_password(user,  'Password2') }
 
-    assert_raises(ActiveRecord::RecordInvalid) { set_password(user,  'password1') }
+    assert_raises(ActiveRecord::RecordInvalid) { set_password(user,  'Password1') }
   end
 end

data/test/test_password_expirable.rb

@@ -10,7 +10,7 @@ class TestPasswordArchivable < ActiveSupport::TestCase
   end
 
   test 'password expires' do
-    user = User.create password: 'password1', password_confirmation: 'password1'
+    user = User.create email: 'bob@microsoft.com', password: 'Password1', password_confirmation: 'Password1'
     refute user.need_change_password?
 
     user.update(password_changed_at: Time.now.ago(3.month))
@@ -18,7 +18,7 @@ class TestPasswordArchivable < ActiveSupport::TestCase
   end
 
   test 'override expire after at runtime' do
-    user = User.new password: 'password1', password_confirmation: 'password1'
+    user = User.new email: 'bob@microsoft.com', password: 'Password1', password_confirmation: 'Password1'
     user.instance_eval do
       def expire_password_after
         4.month

data/test/test_password_expired_controller.rb

@@ -5,9 +5,14 @@ class Devise::PasswordExpiredControllerTest < ActionController::TestCase
 
   setup do
     @request.env["devise.mapping"] = Devise.mappings[:user]
-    @user = User.create(username: 'hello', email: 'hello@path.travel',
-                        password: '1234', password_changed_at: 4.months.ago)
-
+    @user = User.create!(
+      username: 'hello',
+      email: 'hello@path.travel',
+      password: 'Password4',
+      password_changed_at: 4.months.ago,
+      confirmed_at: 5.months.ago
+    )
+    assert @user.valid?
     sign_in(@user)
   end
 
@@ -16,14 +21,24 @@ class Devise::PasswordExpiredControllerTest < ActionController::TestCase
     assert_includes @response.body, 'Renew your password'
   end
 
-  test 'shold update password' do
-    put :update, params: {
-      user: {
-        current_password: '1234',
-        password: '12345',
-        password_confirmation: '12345'
+  test 'should update password' do
+    if Rails.version < "5"
+      put :update, {
+        user: {
+          current_password: 'Password4',
+          password: 'Password5',
+          password_confirmation: 'Password5'
+        }
+      }
+    else
+      put :update, params: {
+        user: {
+          current_password: 'Password4',
+          password: 'Password5',
+          password_confirmation: 'Password5'
+        }
       }
-    }
+    end
     assert_redirected_to root_path
   end
 end

data/test/test_security_question_controller.rb

@@ -6,31 +6,47 @@ class TestWithSecurityQuestion < ActionController::TestCase
 
   setup do
     @user = User.create(username: 'hello', email: 'hello@path.travel',
-                        password: '1234', security_question_answer: "Right Answer")
+                        password: '1234', security_question_answer: 'Right Answer')
     @user.lock_access!
 
-    @request.env["devise.mapping"] = Devise.mappings[:security_question_user]
+    @request.env['devise.mapping'] = Devise.mappings[:security_question_user]
   end
 
   test 'When security question is enabled, it is inserted correctly' do
-    post :create, params: {
-      security_question_user: {
-        email: @user.email
-      }, security_question_answer: "wrong answer"
-    }
+    if Rails.version < "5"
+      post :create, {
+        security_question_user: {
+          email: @user.email
+        }, security_question_answer: "wrong answer"
+      }
+    else
+      post :create, params: {
+        security_question_user: {
+          email: @user.email
+        }, security_question_answer: "wrong answer"
+      }
+    end
 
-    assert_equal "The security question answer was invalid.", flash[:alert]
+    assert_equal 'The security question answer was invalid.', flash[:alert]
     assert_redirected_to new_security_question_user_unlock_path
   end
 
   test 'When security_question is valid, it runs as normal' do
-    post :create, params: {
-      security_question_user: {
-        email: @user.email
-      }, security_question_answer: @user.security_question_answer
-    }
+    if Rails.version < "5"
+      post :create, {
+        security_question_user: {
+          email: @user.email
+        }, security_question_answer: @user.security_question_answer
+      }
+    else
+      post :create, params: {
+        security_question_user: {
+          email: @user.email
+        }, security_question_answer: @user.security_question_answer
+      }
+    end
 
-    assert_equal "You will receive an email with instructions for how to unlock your account in a few minutes.", flash[:notice]
+    assert_equal 'You will receive an email with instructions for how to unlock your account in a few minutes.', flash[:notice]
     assert_redirected_to new_security_question_user_session_path
   end
 end
@@ -41,20 +57,28 @@ class TestWithoutSecurityQuestion < ActionController::TestCase
 
   setup do
     @user = User.create(username: 'hello', email: 'hello@path.travel',
-                        password: '1234', security_question_answer: "Right Answer")
+                        password: '1234', security_question_answer: 'Right Answer')
     @user.lock_access!
 
-    @request.env["devise.mapping"] = Devise.mappings[:user]
+    @request.env['devise.mapping'] = Devise.mappings[:user]
   end
 
   test 'When security question is not enabled it is not inserted' do
-    post :create, params: {
-      user: {
-        email: @user.email
+    if Rails.version < "5"
+      post :create, {
+        user: {
+          email: @user.email
+        }
+      }
+    else
+      post :create, params: {
+        user: {
+          email: @user.email
+        }
       }
-    }
+    end
 
-    assert_equal "You will receive an email with instructions for how to unlock your account in a few minutes.", flash[:notice]
+    assert_equal 'You will receive an email with instructions for how to unlock your account in a few minutes.', flash[:notice]
     assert_redirected_to new_user_session_path
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: devise-security
 version: !ruby/object:Gem::Version
-  version: 0.11.1
+  version: 0.12.0
 platform: ruby
 authors:
 - Marco Scholl
@@ -11,15 +11,15 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-01-30 00:00:00.000000000 Z
+date: 2018-04-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: railties
+  name: rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.2.6
+        version: 4.1.0
     - - "<"
       - !ruby/object:Gem::Version
         version: '6.0'
@@ -29,7 +29,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.2.6
+        version: 4.1.0
     - - "<"
       - !ruby/object:Gem::Version
         version: '6.0'
@@ -53,6 +53,20 @@ dependencies:
     - - "<"
       - !ruby/object:Gem::Version
         version: '5.0'
+- !ruby/object:Gem::Dependency
+  name: appraisal
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -119,16 +133,58 @@ dependencies:
   name: minitest
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - '='
       - !ruby/object:Gem::Version
-        version: '5.0'
+        version: 5.10.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - '='
       - !ruby/object:Gem::Version
-        version: '5.0'
+        version: 5.10.3
+- !ruby/object:Gem::Dependency
+  name: pry-byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry-rescue
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rails_email_validator
   requirement: !ruby/object:Gem::Requirement
@@ -177,18 +233,19 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 1.3.10
-description: An enterprise security extension for devise, trying to meet industrial
-  standard security demands for web applications.
+description: An enterprise security extension for devise.
 email: natebird@gmail.com
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".circleci/config.yml"
 - ".document"
 - ".gitignore"
 - ".rubocop.yml"
 - ".ruby-version"
 - ".travis.yml"
+- Appraisals
 - Gemfile
 - LICENSE.txt
 - README.md
@@ -202,12 +259,18 @@ files:
 - config/locales/es.yml
 - config/locales/it.yml
 - devise-security.gemspec
+- gemfiles/rails_4.1_stable.gemfile
+- gemfiles/rails_4.2_stable.gemfile
+- gemfiles/rails_5.0_stable.gemfile
+- gemfiles/rails_5.1_stable.gemfile
+- gemfiles/rails_5.2_rc1.gemfile
 - lib/devise-security.rb
 - lib/devise-security/controllers/helpers.rb
 - lib/devise-security/hooks/expirable.rb
 - lib/devise-security/hooks/paranoid_verification.rb
 - lib/devise-security/hooks/password_expirable.rb
 - lib/devise-security/hooks/session_limitable.rb
+- lib/devise-security/models/compatibility.rb
 - lib/devise-security/models/database_authenticatable_patch.rb
 - lib/devise-security/models/expirable.rb
 - lib/devise-security/models/old_password.rb
@@ -241,10 +304,12 @@ files:
 - test/dummy/app/controllers/foos_controller.rb
 - test/dummy/app/controllers/security_question/unlocks_controller.rb
 - test/dummy/app/models/.gitkeep
+- test/dummy/app/models/application_record.rb
 - test/dummy/app/models/captcha_user.rb
 - test/dummy/app/models/secure_user.rb
 - test/dummy/app/models/security_question_user.rb
 - test/dummy/app/models/user.rb
+- test/dummy/app/models/widget.rb
 - test/dummy/app/views/foos/index.html.erb
 - test/dummy/config.ru
 - test/dummy/config/application.rb
@@ -260,6 +325,11 @@ files:
 - test/dummy/db/migrate/20150402165590_add_verification_columns.rb
 - test/dummy/db/migrate/20150407162345_add_verification_attempt_column.rb
 - test/dummy/db/migrate/20160320162345_add_security_questions_fields.rb
+- test/dummy/db/migrate/20180318103603_add_expireable_columns.rb
+- test/dummy/db/migrate/20180318105329_add_confirmable_columns.rb
+- test/dummy/db/migrate/20180318105732_add_rememberable_columns.rb
+- test/dummy/db/migrate/20180318111336_add_recoverable_columns.rb
+- test/dummy/db/migrate/20180319114023_add_widget.rb
 - test/test_captcha_controller.rb
 - test/test_helper.rb
 - test/test_install_generator.rb
@@ -281,7 +351,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.2.2
+      version: 2.2.9
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
@@ -289,7 +359,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.13
+rubygems_version: 2.7.6
 signing_key: 
 specification_version: 4
 summary: Security extension for devise
@@ -300,10 +370,12 @@ test_files:
 - test/dummy/app/controllers/foos_controller.rb
 - test/dummy/app/controllers/security_question/unlocks_controller.rb
 - test/dummy/app/models/.gitkeep
+- test/dummy/app/models/application_record.rb
 - test/dummy/app/models/captcha_user.rb
 - test/dummy/app/models/secure_user.rb
 - test/dummy/app/models/security_question_user.rb
 - test/dummy/app/models/user.rb
+- test/dummy/app/models/widget.rb
 - test/dummy/app/views/foos/index.html.erb
 - test/dummy/config.ru
 - test/dummy/config/application.rb
@@ -319,6 +391,11 @@ test_files:
 - test/dummy/db/migrate/20150402165590_add_verification_columns.rb
 - test/dummy/db/migrate/20150407162345_add_verification_attempt_column.rb
 - test/dummy/db/migrate/20160320162345_add_security_questions_fields.rb
+- test/dummy/db/migrate/20180318103603_add_expireable_columns.rb
+- test/dummy/db/migrate/20180318105329_add_confirmable_columns.rb
+- test/dummy/db/migrate/20180318105732_add_rememberable_columns.rb
+- test/dummy/db/migrate/20180318111336_add_recoverable_columns.rb
+- test/dummy/db/migrate/20180319114023_add_widget.rb
 - test/test_captcha_controller.rb
 - test/test_helper.rb
 - test/test_install_generator.rb