devise-security 0.12.0 → 0.13.0

data/test/test_helper.rb

@@ -1,20 +1,31 @@
+# frozen_string_literal: true
+
 ENV['RAILS_ENV'] ||= 'test'
 
 require 'simplecov'
-require 'coveralls'
-Coveralls.wear!
+SimpleCov.start do
+  add_filter 'gemfiles'
+  add_group 'Tests', 'test'
+  add_group 'Password Expireable', "password_expirable"
+end
+
+if ENV['CI']
+  require 'coveralls'
+  SimpleCov.formatter = Coveralls::SimpleCov::Formatter
+  Coveralls.wear!
+end
 
 require 'dummy/config/environment'
 require 'minitest/autorun'
 require 'rails/test_help'
+
 require 'devise-security'
+require 'pry'
 
 ActiveRecord::Migration.verbose = false
 ActiveRecord::Base.logger = Logger.new(nil)
-ActiveRecord::Migrator.migrate(File.expand_path('../dummy/db/migrate', __FILE__))
-
-SimpleCov.formatter = Coveralls::SimpleCov::Formatter
-SimpleCov.start do
-  add_filter 'test/dummy'
-  add_filter 'gemfiles'
+if Rails.gem_version >= Gem::Version.new('5.2.0')
+  ActiveRecord::MigrationContext.new(File.expand_path('../dummy/db/migrate', __FILE__)).migrate
+else
+  ActiveRecord::Migrator.migrate(File.expand_path('../dummy/db/migrate', __FILE__))
 end

data/test/test_install_generator.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'test_helper'
 require 'rails/generators/test_case'
 require 'generators/devise_security/install_generator'
@@ -10,7 +12,11 @@ class TestInstallGenerator < Rails::Generators::TestCase
   test 'Assert all files are properly created' do
     run_generator
     assert_file 'config/initializers/devise-security.rb'
-    assert_file 'config/locales/devise.security_extension.en.yml'
     assert_file 'config/locales/devise.security_extension.de.yml'
+    assert_file 'config/locales/devise.security_extension.en.yml'
+    assert_file 'config/locales/devise.security_extension.es.yml'
+    assert_file 'config/locales/devise.security_extension.fr.yml'
+    assert_file 'config/locales/devise.security_extension.it.yml'
+    assert_file 'config/locales/devise.security_extension.tr.yml'
   end
 end

data/test/test_paranoid_verification.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'test_helper'
 
 class TestParanoidVerification < ActiveSupport::TestCase

data/test/test_password_archivable.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'test_helper'
 
 class TestPasswordArchivable < ActiveSupport::TestCase

data/test/test_password_expirable.rb

@@ -1,32 +1,93 @@
+# frozen_string_literal: true
+
 require 'test_helper'
 
 class TestPasswordArchivable < ActiveSupport::TestCase
   setup do
-    Devise.expire_password_after = 2.month
+    Devise.expire_password_after = 2.months
   end
 
   teardown do
     Devise.expire_password_after = 90.days
   end
 
-  test 'password expires' do
+  test 'does nothing if disabled' do
+    Devise.expire_password_after = false
     user = User.create email: 'bob@microsoft.com', password: 'Password1', password_confirmation: 'Password1'
     refute user.need_change_password?
+    refute user.password_expired?
+    user.need_change_password!
+    refute user.need_change_password?
+    refute user.password_expired?
+  end
 
-    user.update(password_changed_at: Time.now.ago(3.month))
+  test 'password change can be requested' do
+    Devise.expire_password_after = true
+    user = User.create email: 'bob@microsoft.com', password: 'Password1', password_confirmation: 'Password1'
+    refute user.need_change_password?
+    refute user.password_expired?
+    refute user.password_change_requested?
+    user.need_change_password!
     assert user.need_change_password?
+    refute user.password_expired? # it's not too old because it's not set at all
+    assert user.password_change_requested?
   end
 
-  test 'override expire after at runtime' do
+  test 'password expires' do
+    user = User.create email: 'bob@microsoft.com', password: 'Password1', password_confirmation: 'Password1'
+    refute user.need_change_password?
+    refute user.password_expired?
+    refute user.password_too_old?
+    user.update(password_changed_at: Time.now.ago(3.months))
+    assert user.password_too_old?
+    assert user.need_change_password?
+    assert user.password_expired?
+    refute user.password_change_requested?
+  end
+
+  test 'saving a record records the time the password was changed' do
     user = User.new email: 'bob@microsoft.com', password: 'Password1', password_confirmation: 'Password1'
+    assert user.password_changed_at.nil?
+    refute user.password_change_requested?
+    refute user.password_expired?
+    user.save
+    assert user.password_changed_at.present?
+    refute user.password_change_requested?
+    refute user.password_expired?
+  end
+
+  test 'updating a record updates the time the password was changed if the password is changed' do
+    user = User.create email: 'bob@microsoft.com', password: 'Password1', password_confirmation: 'Password1'
+    user.expire_password!
+    assert user.password_change_requested?
+    user.password = "NewPassword1"
+    user.password_confirmation = "NewPassword1"
+    user.save
+    assert user.previous_changes.key?(:password_changed_at)
+    refute user.password_change_requested?
+  end
+
+  test 'updating a record does not updates the time the password was changed if the password was not changed' do
+    user = User.create email: 'bob@microsoft.com', password: 'Password1', password_confirmation: 'Password1'
+    user.expire_password!
+    assert user.password_change_requested?
+    user.save
+    refute user.previous_changes.key?(:password_changed_at)
+    assert user.password_change_requested?
+  end
+
+  test 'override expire after at runtime' do
+    user = User.create email: 'bob@microsoft.com', password: 'Password1', password_confirmation: 'Password1'
     user.instance_eval do
       def expire_password_after
-        4.month
+        4.months
       end
     end
-    user.password_changed_at = Time.now.ago(3.month)
+    user.password_changed_at = Time.now.ago(3.months)
     refute user.need_change_password?
-    user.password_changed_at = Time.now.ago(5.month)
+    refute user.password_expired?
+    user.password_changed_at = Time.now.ago(5.months)
     assert user.need_change_password?
+    assert user.password_expired?
   end
 end

data/test/test_password_expired_controller.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'test_helper'
 
 class Devise::PasswordExpiredControllerTest < ActionController::TestCase

data/test/test_secure_validatable.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'test_helper'
 require 'rails_email_validator'
 
@@ -7,13 +9,10 @@ class TestSecureValidatable < ActiveSupport::TestCase
            :paranoid_verification, :password_expirable, :secure_validatable
   end
 
-  setup do
-    Devise.password_regex = /(?=.*\d)(?=.*[a-z])(?=.*[A-Z])/
-  end
-
   test 'email cannot be blank' do
     msg = "Email can't be blank"
     user = User.create password: 'passWord1', password_confirmation: 'passWord1'
+
     assert_equal(false, user.valid?)
     assert_equal([msg], user.errors.full_messages)
     assert_raises(ActiveRecord::RecordInvalid) do
@@ -31,24 +30,24 @@ class TestSecureValidatable < ActiveSupport::TestCase
     end
   end
 
-  test 'valid both email and password' do
-    msgs = ['Email is invalid', 'Password must contain big, small letters and digits']
-    user = User.create email: 'bob@foo.tv', password: 'password1', password_confirmation: 'password1'
+  test 'validate both email and password' do
+    msgs = ['Email is invalid', 'Password must contain at least one upper-case letter']
+    user = User.create email: 'bob@@foo.tv', password: 'password1', password_confirmation: 'password1'
     assert_equal(false, user.valid?)
     assert_equal(msgs, user.errors.full_messages)
     assert_raises(ActiveRecord::RecordInvalid) { user.save! }
   end
 
   test 'password must have capital letter' do
-    msgs = ['Email is invalid', 'Password must contain big, small letters and digits']
-    user = User.create email: 'bob@example.org', password: 'password1', password_confirmation: 'password1'
+    msgs = ['Password must contain at least one upper-case letter']
+    user = User.create email: 'bob@microsoft.com', password: 'password1', password_confirmation: 'password1'
     assert_equal(false, user.valid?)
     assert_equal(msgs, user.errors.full_messages)
     assert_raises(ActiveRecord::RecordInvalid) { user.save! }
   end
 
   test 'password must have lowercase letter' do
-    msg = 'Password must contain big, small letters and digits'
+    msg = 'Password must contain at least one lower-case letter'
     user = User.create email: 'bob@microsoft.com', password: 'PASSWORD1', password_confirmation: 'PASSWORD1'
     assert_equal(false, user.valid?)
     assert_equal([msg], user.errors.full_messages)
@@ -56,7 +55,7 @@ class TestSecureValidatable < ActiveSupport::TestCase
   end
 
   test 'password must have number' do
-    msg = 'Password must contain big, small letters and digits'
+    msg = 'Password must contain at least one digit'
     user = User.create email: 'bob@microsoft.com', password: 'PASSword', password_confirmation: 'PASSword'
     assert_equal(false, user.valid?)
     assert_equal([msg], user.errors.full_messages)

data/test/test_security_question_controller.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'test_helper'
 
 class TestWithSecurityQuestion < ActionController::TestCase

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: devise-security
 version: !ruby/object:Gem::Version
-  version: 0.12.0
+  version: 0.13.0
 platform: ruby
 authors:
 - Marco Scholl
@@ -11,7 +11,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-04-16 00:00:00.000000000 Z
+date: 2018-10-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -19,7 +19,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 4.1.0
+        version: 4.2.0
     - - "<"
       - !ruby/object:Gem::Version
         version: '6.0'
@@ -29,7 +29,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 4.1.0
+        version: 4.2.0
     - - "<"
       - !ruby/object:Gem::Version
         version: '6.0'
@@ -73,46 +73,40 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.3.0
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.3.0
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: coveralls
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '0.8'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '0.8'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: easy_captcha
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
@@ -133,16 +127,16 @@ dependencies:
   name: minitest
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 5.10.3
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 5.10.3
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: pry-byebug
   requirement: !ruby/object:Gem::Requirement
@@ -189,14 +183,14 @@ dependencies:
   name: rails_email_validator
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
@@ -205,43 +199,38 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.58.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.58.0
 - !ruby/object:Gem::Dependency
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.3.10
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.3.10
+        version: '0'
 description: An enterprise security extension for devise.
 email: natebird@gmail.com
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".circleci/config.yml"
+- ".codeclimate.yml"
 - ".document"
 - ".gitignore"
+- ".mdlrc"
 - ".rubocop.yml"
 - ".ruby-version"
 - ".travis.yml"
@@ -257,13 +246,14 @@ files:
 - config/locales/de.yml
 - config/locales/en.yml
 - config/locales/es.yml
+- config/locales/fr.yml
 - config/locales/it.yml
+- config/locales/tr.yml
 - devise-security.gemspec
-- gemfiles/rails_4.1_stable.gemfile
 - gemfiles/rails_4.2_stable.gemfile
 - gemfiles/rails_5.0_stable.gemfile
 - gemfiles/rails_5.1_stable.gemfile
-- gemfiles/rails_5.2_rc1.gemfile
+- gemfiles/rails_5.2.0.gemfile
 - lib/devise-security.rb
 - lib/devise-security/controllers/helpers.rb
 - lib/devise-security/hooks/expirable.rb
@@ -295,6 +285,7 @@ files:
 - lib/devise-security/rails.rb
 - lib/devise-security/routes.rb
 - lib/devise-security/schema.rb
+- lib/devise-security/validators/password_complexity_validator.rb
 - lib/devise-security/version.rb
 - lib/generators/devise_security/install_generator.rb
 - lib/generators/templates/devise-security.rb
@@ -331,6 +322,7 @@ files:
 - test/dummy/db/migrate/20180318111336_add_recoverable_columns.rb
 - test/dummy/db/migrate/20180319114023_add_widget.rb
 - test/test_captcha_controller.rb
+- test/test_complexity_validator.rb
 - test/test_helper.rb
 - test/test_install_generator.rb
 - test/test_paranoid_verification.rb
@@ -351,7 +343,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.2.9
+      version: 2.3.7
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
@@ -359,7 +351,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.7.6
+rubygems_version: 2.7.7
 signing_key: 
 specification_version: 4
 summary: Security extension for devise
@@ -397,6 +389,7 @@ test_files:
 - test/dummy/db/migrate/20180318111336_add_recoverable_columns.rb
 - test/dummy/db/migrate/20180319114023_add_widget.rb
 - test/test_captcha_controller.rb
+- test/test_complexity_validator.rb
 - test/test_helper.rb
 - test/test_install_generator.rb
 - test/test_paranoid_verification.rb