RubyGems - devise-security - Versions diffs - 0.12.0 → 0.18.0 - Mend

devise-security 0.12.0 → 0.18.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (195) hide show

checksums.yaml +4 -4
data/LICENSE.txt +3 -1
data/README.md +199 -65
data/app/controllers/devise/paranoid_verification_code_controller.rb +28 -12
data/app/controllers/devise/password_expired_controller.rb +34 -10
data/app/views/devise/paranoid_verification_code/show.html.erb +4 -4
data/app/views/devise/password_expired/show.html.erb +6 -6
data/config/locales/bg.yml +42 -0
data/config/locales/by.yml +50 -0
data/config/locales/cs.yml +46 -0
data/config/locales/de.yml +33 -7
data/config/locales/en.yml +26 -1
data/config/locales/es.yml +31 -6
data/config/locales/fa.yml +42 -0
data/config/locales/fr.yml +42 -0
data/config/locales/hi.yml +43 -0
data/config/locales/it.yml +36 -4
data/config/locales/ja.yml +42 -0
data/config/locales/nl.yml +42 -0
data/config/locales/pt.yml +42 -0
data/config/locales/ru.yml +50 -0
data/config/locales/tr.yml +42 -0
data/config/locales/uk.yml +50 -0
data/config/locales/zh_CN.yml +42 -0
data/config/locales/zh_TW.yml +42 -0
data/lib/devise-security/controllers/helpers.rb +74 -51
data/lib/devise-security/hooks/expirable.rb +6 -4
data/lib/devise-security/hooks/paranoid_verification.rb +3 -3
data/lib/devise-security/hooks/password_expirable.rb +5 -3
data/lib/devise-security/hooks/session_limitable.rb +31 -14
data/lib/devise-security/models/active_record/old_password.rb +5 -0
data/lib/devise-security/models/compatibility/active_record_patch.rb +41 -0
data/lib/devise-security/models/compatibility/mongoid_patch.rb +32 -0
data/lib/devise-security/models/compatibility.rb +8 -15
data/lib/devise-security/models/database_authenticatable_patch.rb +20 -10
data/lib/devise-security/models/expirable.rb +14 -7
data/lib/devise-security/models/mongoid/old_password.rb +21 -0
data/lib/devise-security/models/paranoid_verification.rb +4 -2
data/lib/devise-security/models/password_archivable.rb +19 -8
data/lib/devise-security/models/password_expirable.rb +103 -48
data/lib/devise-security/models/secure_validatable.rb +69 -12
data/lib/devise-security/models/security_questionable.rb +2 -0
data/lib/devise-security/models/session_limitable.rb +19 -2
data/lib/devise-security/orm/mongoid.rb +7 -0
data/lib/devise-security/patches/controller_captcha.rb +2 -0
data/lib/devise-security/patches/controller_security_question.rb +3 -1
data/lib/devise-security/patches.rb +16 -8
data/lib/devise-security/rails.rb +2 -0
data/lib/devise-security/routes.rb +4 -3
data/lib/devise-security/validators/password_complexity_validator.rb +62 -0
data/lib/devise-security/version.rb +3 -1
data/lib/devise-security.rb +23 -11
data/lib/generators/devise_security/install_generator.rb +6 -6
data/lib/generators/templates/devise_security.rb +52 -0
data/test/{test_captcha_controller.rb → controllers/test_captcha_controller.rb} +2 -0
data/test/controllers/test_paranoid_verification_code_controller.rb +133 -0
data/test/controllers/test_password_expired_controller.rb +164 -0
data/test/controllers/test_security_question_controller.rb +66 -0
data/test/dummy/Rakefile +3 -1
data/test/dummy/app/assets/config/manifest.js +3 -0
data/test/dummy/app/controllers/application_controller.rb +2 -0
data/test/dummy/app/controllers/captcha/sessions_controller.rb +2 -0
data/test/dummy/app/controllers/overrides/paranoid_verification_code_controller.rb +7 -0
data/test/dummy/app/controllers/overrides/password_expired_controller.rb +17 -0
data/test/dummy/app/controllers/security_question/unlocks_controller.rb +2 -0
data/test/dummy/app/controllers/widgets_controller.rb +9 -0
data/test/dummy/app/models/application_record.rb +10 -2
data/test/dummy/app/models/application_user_record.rb +12 -0
data/test/dummy/app/models/captcha_user.rb +7 -2
data/test/dummy/app/models/mongoid/confirmable_fields.rb +15 -0
data/test/dummy/app/models/mongoid/database_authenticable_fields.rb +18 -0
data/test/dummy/app/models/mongoid/expirable_fields.rb +13 -0
data/test/dummy/app/models/mongoid/lockable_fields.rb +15 -0
data/test/dummy/app/models/mongoid/mappings.rb +15 -0
data/test/dummy/app/models/mongoid/omniauthable_fields.rb +13 -0
data/test/dummy/app/models/mongoid/paranoid_verification_fields.rb +12 -0
data/test/dummy/app/models/mongoid/password_archivable_fields.rb +11 -0
data/test/dummy/app/models/mongoid/password_expirable_fields.rb +12 -0
data/test/dummy/app/models/mongoid/recoverable_fields.rb +13 -0
data/test/dummy/app/models/mongoid/registerable_fields.rb +21 -0
data/test/dummy/app/models/mongoid/rememberable_fields.rb +12 -0
data/test/dummy/app/models/mongoid/secure_validatable_fields.rb +13 -0
data/test/dummy/app/models/mongoid/security_questionable_fields.rb +15 -0
data/test/dummy/app/models/mongoid/session_limitable_fields.rb +12 -0
data/test/dummy/app/models/mongoid/timeoutable_fields.rb +11 -0
data/test/dummy/app/models/mongoid/trackable_fields.rb +16 -0
data/test/dummy/app/models/mongoid/validatable_fields.rb +9 -0
data/test/dummy/app/models/paranoid_verification_user.rb +26 -0
data/test/dummy/app/models/password_expired_user.rb +26 -0
data/test/dummy/app/models/security_question_user.rb +9 -4
data/test/dummy/app/models/user.rb +16 -1
data/test/dummy/app/models/widget.rb +4 -0
data/test/dummy/app/mongoid/admin.rb +31 -0
data/test/dummy/app/mongoid/one_user.rb +58 -0
data/test/dummy/app/mongoid/shim.rb +25 -0
data/test/dummy/app/mongoid/user_on_engine.rb +41 -0
data/test/dummy/app/mongoid/user_on_main_app.rb +41 -0
data/test/dummy/app/mongoid/user_with_validations.rb +37 -0
data/test/dummy/app/mongoid/user_without_email.rb +38 -0
data/test/dummy/config/application.rb +13 -11
data/test/dummy/config/boot.rb +3 -1
data/test/dummy/config/environment.rb +3 -1
data/test/dummy/config/environments/test.rb +6 -13
data/test/dummy/config/initializers/devise.rb +6 -3
data/test/dummy/config/initializers/migration_class.rb +3 -6
data/test/dummy/config/locales/en.yml +10 -0
data/test/dummy/config/mongoid.yml +6 -0
data/test/dummy/config/routes.rb +8 -3
data/test/dummy/config.ru +3 -1
data/test/dummy/db/migrate/20120508165529_create_tables.rb +17 -6
data/test/dummy/db/migrate/20150402165590_add_verification_columns.rb +2 -0
data/test/dummy/db/migrate/20150407162345_add_verification_attempt_column.rb +2 -0
data/test/dummy/db/migrate/20160320162345_add_security_questions_fields.rb +2 -0
data/test/dummy/db/migrate/20180318103603_add_expireable_columns.rb +2 -0
data/test/dummy/db/migrate/20180318105329_add_confirmable_columns.rb +2 -0
data/test/dummy/db/migrate/20180318105732_add_rememberable_columns.rb +2 -0
data/test/dummy/db/migrate/20180318111336_add_recoverable_columns.rb +2 -0
data/test/dummy/db/migrate/20180319114023_add_widget.rb +2 -0
data/test/dummy/lib/shared_expirable_columns.rb +15 -0
data/test/dummy/lib/shared_security_questions_fields.rb +17 -0
data/test/dummy/lib/shared_user.rb +43 -0
data/test/dummy/lib/shared_user_with_password_verification.rb +13 -0
data/test/dummy/lib/shared_user_without_omniauth.rb +24 -0
data/test/dummy/lib/shared_verification_fields.rb +16 -0
data/test/dummy/log/test.log +45240 -0
data/test/i18n_test.rb +22 -0
data/test/integration/test_paranoid_verification_code_workflow.rb +53 -0
data/test/integration/test_password_expirable_workflow.rb +53 -0
data/test/integration/test_session_limitable_workflow.rb +69 -0
data/test/orm/active_record.rb +15 -0
data/test/orm/mongoid.rb +13 -0
data/test/support/integration_helpers.rb +35 -0
data/test/support/mongoid.yml +6 -0
data/test/test_compatibility.rb +15 -0
data/test/test_complexity_validator.rb +282 -0
data/test/test_database_authenticatable_patch.rb +146 -0
data/test/test_helper.rb +41 -9
data/test/test_install_generator.rb +20 -3
data/test/test_paranoid_verification.rb +10 -9
data/test/test_password_archivable.rb +37 -13
data/test/test_password_expirable.rb +72 -9
data/test/test_secure_validatable.rb +289 -55
data/test/test_secure_validatable_overrides.rb +185 -0
data/test/test_session_limitable.rb +57 -0
data/test/tmp/config/initializers/devise_security.rb +52 -0
data/test/tmp/config/locales/devise.security_extension.by.yml +50 -0
data/test/tmp/config/locales/devise.security_extension.cs.yml +46 -0
data/test/tmp/config/locales/devise.security_extension.de.yml +42 -0
data/test/tmp/config/locales/devise.security_extension.en.yml +42 -0
data/test/tmp/config/locales/devise.security_extension.es.yml +42 -0
data/test/tmp/config/locales/devise.security_extension.fa.yml +42 -0
data/test/tmp/config/locales/devise.security_extension.fr.yml +42 -0
data/test/tmp/config/locales/devise.security_extension.hi.yml +43 -0
data/test/tmp/config/locales/devise.security_extension.it.yml +42 -0
data/test/tmp/config/locales/devise.security_extension.ja.yml +42 -0
data/test/tmp/config/locales/devise.security_extension.nl.yml +42 -0
data/test/tmp/config/locales/devise.security_extension.pt.yml +42 -0
data/test/tmp/config/locales/devise.security_extension.ru.yml +50 -0
data/test/tmp/config/locales/devise.security_extension.tr.yml +42 -0
data/test/tmp/config/locales/devise.security_extension.uk.yml +50 -0
data/test/tmp/config/locales/devise.security_extension.zh_CN.yml +42 -0
data/test/tmp/config/locales/devise.security_extension.zh_TW.yml +42 -0
metadata +290 -124
data/.circleci/config.yml +0 -41
data/.document +0 -5
data/.gitignore +0 -40
data/.rubocop.yml +0 -63
data/.ruby-version +0 -1
data/.travis.yml +0 -25
data/Appraisals +0 -19
data/Gemfile +0 -3
data/Rakefile +0 -28
data/devise-security.gemspec +0 -44
data/gemfiles/rails_4.1_stable.gemfile +0 -8
data/gemfiles/rails_4.2_stable.gemfile +0 -8
data/gemfiles/rails_5.0_stable.gemfile +0 -8
data/gemfiles/rails_5.1_stable.gemfile +0 -8
data/gemfiles/rails_5.2_rc1.gemfile +0 -8
data/lib/devise-security/models/old_password.rb +0 -4
data/lib/devise-security/orm/active_record.rb +0 -18
data/lib/devise-security/patches/confirmations_controller_captcha.rb +0 -21
data/lib/devise-security/patches/confirmations_controller_security_question.rb +0 -24
data/lib/devise-security/patches/passwords_controller_captcha.rb +0 -20
data/lib/devise-security/patches/passwords_controller_security_question.rb +0 -23
data/lib/devise-security/patches/registrations_controller_captcha.rb +0 -33
data/lib/devise-security/patches/sessions_controller_captcha.rb +0 -24
data/lib/devise-security/patches/unlocks_controller_captcha.rb +0 -20
data/lib/devise-security/patches/unlocks_controller_security_question.rb +0 -23
data/lib/devise-security/schema.rb +0 -64
data/lib/generators/templates/devise-security.rb +0 -38
data/test/dummy/app/controllers/foos_controller.rb +0 -0
data/test/dummy/app/models/.gitkeep +0 -0
data/test/dummy/app/models/secure_user.rb +0 -3
data/test/test_password_expired_controller.rb +0 -44
data/test/test_security_question_controller.rb +0 -84

data/test/test_secure_validatable.rb CHANGED Viewed

@@ -1,85 +1,319 @@
+# frozen_string_literal: true
 require 'test_helper'
-require 'rails_email_validator'
 class TestSecureValidatable < ActiveSupport::TestCase
-  class User < ActiveRecord::Base
-    devise :database_authenticatable, :password_archivable,
-           :paranoid_verification, :password_expirable, :secure_validatable
+  class User < ApplicationRecord
+    devise :database_authenticatable, :secure_validatable
+    include ::Mongoid::Mappings if DEVISE_ORM == :mongoid
   end
-  setup do
-    Devise.password_regex = /(?=.*\d)(?=.*[a-z])(?=.*[A-Z])/
-  end
+  class EmailNotRequiredUser < User
+    protected
-  test 'email cannot be blank' do
-    msg = "Email can't be blank"
-    user = User.create password: 'passWord1', password_confirmation: 'passWord1'
-    assert_equal(false, user.valid?)
-    assert_equal([msg], user.errors.full_messages)
-    assert_raises(ActiveRecord::RecordInvalid) do
-      user.save!
+    def email_required?
+      false
     end
   end
+  test 'email cannot be blank upon creation' do
+    user = User.new(
+      password: 'Password1!', password_confirmation: 'Password1!'
+    )
+    assert user.invalid?
+    assert_equal(["Email can't be blank"], user.errors.full_messages)
+  end
+  test 'email can be blank upon creation if email not required' do
+    user = EmailNotRequiredUser.new(
+      password: 'Password1!', password_confirmation: 'Password1!'
+    )
+    assert user.valid?
+  end
+  test 'email cannot be updated to be blank' do
+    user = User.new(
+      email: 'bob@microsoft.com',
+      password: 'Password1!',
+      password_confirmation: 'Password1!'
+    )
+    assert user.valid?
+    user.email = nil
+    assert user.invalid?
+    assert_equal(["Email can't be blank"], user.errors.full_messages)
+  end
+  test 'email can be updated to be blank if email not required' do
+    user = EmailNotRequiredUser.new(
+      email: 'bob@microsoft.com',
+      password: 'Password1!',
+      password_confirmation: 'Password1!'
+    )
+    assert user.valid?
+    user.email = nil
+    assert user.valid?
+  end
   test 'email must be valid' do
-    msg = 'Email is invalid'
-    user = User.create email: 'bob', password: 'passWord1', password_confirmation: 'passWord1'
-    assert_equal(false, user.valid?)
-    assert_equal([msg], user.errors.full_messages)
-    assert_raises(ActiveRecord::RecordInvalid) do
-      user.save!
-    end
+    user = User.new(
+      email: 'bob', password: 'Password1!', password_confirmation: 'Password1!'
+    )
+    assert user.invalid?
+    assert_equal(['Email is invalid'], user.errors.full_messages)
+  end
+  test 'validate both email and password' do
+    user = User.new(
+      email: 'bob',
+      password: 'password1!',
+      password_confirmation: 'password1!'
+    )
+    assert user.invalid?
+    assert_equal(
+      [
+        'Email is invalid',
+        'Password must contain at least one upper-case letter'
+      ],
+      user.errors.full_messages
+    )
   end
-  test 'valid both email and password' do
-    msgs = ['Email is invalid', 'Password must contain big, small letters and digits']
-    user = User.create email: 'bob@foo.tv', password: 'password1', password_confirmation: 'password1'
-    assert_equal(false, user.valid?)
+  test 'password cannot be blank upon creation' do
+    user = User.new(email: 'bob@microsoft.com')
+    msgs = ["Password can't be blank"]
+    msgs << "Encrypted password can't be blank" if DEVISE_ORM == :mongoid
+    assert user.invalid?
     assert_equal(msgs, user.errors.full_messages)
-    assert_raises(ActiveRecord::RecordInvalid) { user.save! }
+  end
+  test 'password cannot be updated to be blank' do
+    user = User.new(
+      email: 'bob@microsoft.com',
+      password: 'Password1!',
+      password_confirmation: 'Password1!'
+    )
+    assert user.valid?
+    user.password = nil
+    user.password_confirmation = nil
+    assert user.invalid?
+    assert_equal(["Password can't be blank"], user.errors.full_messages)
+  end
+  test 'password_confirmation must match password' do
+    user = User.new(
+      email: 'bob@microsoft.com',
+      password: 'Password1!',
+      password_confirmation: 'not the same password'
+    )
+    assert user.invalid?
+    assert_equal(
+      ["Password confirmation doesn't match Password"],
+      user.errors.full_messages
+    )
+  end
+  test 'password_confirmation cannot be blank' do
+    user = User.new(
+      email: 'bob@microsoft.com',
+      password: 'Password1!',
+      password_confirmation: ''
+    )
+    assert user.invalid?
+    assert_equal(
+      ["Password confirmation doesn't match Password"],
+      user.errors.full_messages
+    )
+  end
+  test 'password_confirmation can be skipped' do
+    user = User.new(
+      email: 'bob@microsoft.com',
+      password: 'Password1!',
+      password_confirmation: nil
+    )
+    assert user.valid?
   end
   test 'password must have capital letter' do
-    msgs = ['Email is invalid', 'Password must contain big, small letters and digits']
-    user = User.create email: 'bob@example.org', password: 'password1', password_confirmation: 'password1'
-    assert_equal(false, user.valid?)
-    assert_equal(msgs, user.errors.full_messages)
-    assert_raises(ActiveRecord::RecordInvalid) { user.save! }
+    user = User.new(
+      email: 'bob@microsoft.com',
+      password: 'password1',
+      password_confirmation: 'password1'
+    )
+    assert user.invalid?
+    assert_equal(
+      ['Password must contain at least one upper-case letter'],
+      user.errors.full_messages
+    )
   end
   test 'password must have lowercase letter' do
-    msg = 'Password must contain big, small letters and digits'
-    user = User.create email: 'bob@microsoft.com', password: 'PASSWORD1', password_confirmation: 'PASSWORD1'
-    assert_equal(false, user.valid?)
-    assert_equal([msg], user.errors.full_messages)
-    assert_raises(ActiveRecord::RecordInvalid) { user.save! }
+    user = User.new(
+      email: 'bob@microsoft.com',
+      password: 'PASSWORD1',
+      password_confirmation: 'PASSWORD1'
+    )
+    assert user.invalid?
+    assert_equal(
+      ['Password must contain at least one lower-case letter'],
+      user.errors.full_messages
+    )
   end
   test 'password must have number' do
-    msg = 'Password must contain big, small letters and digits'
-    user = User.create email: 'bob@microsoft.com', password: 'PASSword', password_confirmation: 'PASSword'
-    assert_equal(false, user.valid?)
-    assert_equal([msg], user.errors.full_messages)
-    assert_raises(ActiveRecord::RecordInvalid) { user.save! }
+    user = User.new(
+      email: 'bob@microsoft.com',
+      password: 'PASSword',
+      password_confirmation: 'PASSword'
+    )
+    assert user.invalid?
+    assert_equal(
+      ['Password must contain at least one digit'],
+      user.errors.full_messages
+    )
+  end
+  test 'password must meet minimum length' do
+    user = User.new(
+      email: 'bob@microsoft.com',
+      password: 'Pa3zZ',
+      password_confirmation: 'Pa3zZ'
+    )
+    assert user.invalid?
+    assert_equal(
+      ['Password is too short (minimum is 7 characters)'],
+      user.errors.full_messages
+    )
   end
-  test 'password must have minimum length' do
-    msg = 'Password is too short (minimum is 6 characters)'
-    user = User.create email: 'bob@microsoft.com', password: 'Pa3zZ', password_confirmation: 'Pa3zZ'
-    assert_equal(false, user.valid?)
-    assert_equal([msg], user.errors.full_messages)
-    assert_raises(ActiveRecord::RecordInvalid) { user.save! }
+  test "new user can't use existing user's email" do
+    options = {
+      email: 'bob@microsoft.com',
+      password: 'Password1!',
+      password_confirmation: 'Password1!'
+    }
+    User.create!(options)
+    user = User.new(options)
+    assert user.invalid?
+    assert_equal(['Email has already been taken'], user.errors.full_messages)
   end
-  test 'duplicate email validation message is added only once' do
+  test "new user can't use existing user's email with different casing" do
     options = {
-      email: 'test@example.org',
-      password: 'Test12345',
-      password_confirmation: 'Test12345',
+      email: 'bob@microsoft.com',
+      password: 'Password1!',
+      password_confirmation: 'Password1!'
     }
-    SecureUser.create!(options)
-    user = SecureUser.new(options)
-    refute user.valid?
-    assert_equal ['Email has already been taken'], user.errors.full_messages
+    User.create!(options)
+    options[:email] = 'BOB@MICROSOFT.COM'
+    user = User.new(options)
+    assert user.invalid?
+    assert_equal(['Email has already been taken'], user.errors.full_messages)
+  end
+  test 'password cannot equal email for new user' do
+    user = User.new(
+      email: 'Bob1@microsoft.com',
+      password: 'Bob1@microsoft.com',
+      password_confirmation: 'Bob1@microsoft.com'
+    )
+    assert user.invalid?
+    assert_equal(
+      ['Password must be different than the email.'],
+      user.errors.full_messages
+    )
+  end
+  test 'password cannot equal case sensitive version of email for new user' do
+    user = User.new(
+      email: 'bob1@microsoft.com',
+      password: 'BoB1@microsoft.com',
+      password_confirmation: 'BoB1@microsoft.com'
+    )
+    assert user.invalid?
+    assert_equal(
+      ['Password must be different than the email.'],
+      user.errors.full_messages
+    )
+  end
+  test 'password cannot equal email with spaces for new user' do
+    user = User.new(
+      email: 'Bob1@microsoft.com',
+      password: 'Bob1@microsoft.com    ',
+      password_confirmation: 'Bob1@microsoft.com    '
+    )
+    assert user.invalid?
+    assert_equal(
+      ['Password must be different than the email.'],
+      user.errors.full_messages
+    )
+  end
+  test 'password cannot equal case sensitive version of email with spaces '\
+       'for new user' do
+    user = User.new(
+      email: 'Bob1@microsoft.com',
+      password: '  boB1@microsoft.com   ',
+      password_confirmation: '  boB1@microsoft.com   '
+    )
+    assert user.invalid?
+    assert_equal(
+      ['Password must be different than the email.'],
+      user.errors.full_messages
+    )
+  end
+  test 'new password cannot equal current password' do
+    user = User.create(
+      email: 'bob@microsoft.com',
+      password: 'Password1!',
+      password_confirmation: 'Password1!'
+    )
+    user.password = 'Password1!'
+    assert user.invalid?
+    assert_equal(
+      ['Password must be different than the current password.'],
+      user.errors.full_messages
+    )
+  end
+  test 'should not be included in objects with invalid API' do
+    error = assert_raise RuntimeError do
+      class ::Dog; include Devise::Models::SecureValidatable; end
+    end
+    assert_equal('Could not use SecureValidatable on Dog', error.message)
   end
 end

data/test/test_secure_validatable_overrides.rb ADDED Viewed

@@ -0,0 +1,185 @@
+# frozen_string_literal: true
+require 'test_helper'
+class TestSecureValidatableOverrides < ActiveSupport::TestCase
+  class ::CustomClassPasswordValidator < DeviseSecurity::PasswordComplexityValidator
+    def patterns
+      super.merge(letter: /\p{Alpha}/)
+    end
+  end
+  class ::CustomInstancePasswordValidator < DeviseSecurity::PasswordComplexityValidator
+    # Add a pattern for alphanumeric characters. See
+    # [en.yml](file:///./test/dummy/config/locales/en.yml) for translations used in
+    # tests.
+    def patterns
+      super.merge(alnum: /\p{Alnum}/)
+    end
+  end
+  class User < ApplicationRecord
+    devise :database_authenticatable, :secure_validatable
+    include ::Mongoid::Mappings if DEVISE_ORM == :mongoid
+  end
+  class ClassLevelOverrideUser < User
+    self.allow_passwords_equal_to_email = true
+    self.email_validation = false
+    self.password_complexity = { symbol: 1, letter: 1 }
+    self.password_complexity_validator = 'custom_class_password_validator'
+    self.password_length = 10..100
+  end
+  class InstanceLevelOverrideUser < ClassLevelOverrideUser
+    def allow_passwords_equal_to_email
+      true
+    end
+    def email_validation
+      false
+    end
+    def password_complexity
+      { symbol: 2, alnum: 1 }
+    end
+    def password_length
+      11..100
+    end
+    def password_complexity_validator
+      'CustomInstancePasswordValidator'
+    end
+  end
+  test 'email equal to password can be overridden at the class level' do
+    user = ClassLevelOverrideUser.new(
+      email: 'bob1!@microsoft.com',
+      password: 'bob1!@microsoft.com',
+      password_confirmation: 'bob1!@microsoft.com'
+    )
+    assert user.valid?
+  end
+  test 'email equal to password can be overridden at the instance level' do
+    user = InstanceLevelOverrideUser.new(
+      email: 'bob1!@microsoft.com',
+      password: 'bob1!@microsoft.com',
+      password_confirmation: 'bob1!@microsoft.com'
+    )
+    assert user.valid?
+  end
+  test 'email validation can be overridden at the class level' do
+    user = ClassLevelOverrideUser.new(
+      email: 'bob1!@f.com',
+      password: 'Pa3zZ1!!aaaaaa',
+      password_confirmation: 'Pa3zZ1!!aaaaaa'
+    )
+    assert user.valid?
+  end
+  test 'email validation can be overridden at the instance level' do
+    user = InstanceLevelOverrideUser.new(
+      email: 'bob1!@f.com',
+      password: 'Pa3zZ1!!aaaaaa',
+      password_confirmation: 'Pa3zZ1!!aaaaaa'
+    )
+    assert user.valid?
+  end
+  test 'password complexity can be overridden at the class level' do
+    user = ClassLevelOverrideUser.new(
+      email: 'bob@microsoft.com',
+      password: 'PASSwordddd',
+      password_confirmation: 'PASSwordddd'
+    )
+    assert user.invalid?
+    assert_equal(
+      ['Password must contain at least one punctuation mark or symbol'],
+      user.errors.full_messages
+    )
+  end
+  test 'password complexity can be overridden at the instance level' do
+    user = InstanceLevelOverrideUser.new(
+      email: 'bob@microsoft.com',
+      password: 'PASSwordddd',
+      password_confirmation: 'PASSwordddd'
+    )
+    assert user.invalid?
+    assert_equal(
+      ['Password must contain at least 2 punctuation marks or symbols'],
+      user.errors.full_messages
+    )
+  end
+  test 'password length can be overridden at the class level' do
+    user = ClassLevelOverrideUser.new(
+      email: 'bob@microsoft.com',
+      password: 'Pa3zZ1!',
+      password_confirmation: 'Pa3zZ1!'
+    )
+    assert user.invalid?
+    assert_equal(
+      ['Password is too short (minimum is 10 characters)'],
+      user.errors.full_messages
+    )
+  end
+  test 'password length can be overridden at the instance level' do
+    user = InstanceLevelOverrideUser.new(
+      email: 'bob@microsoft.com',
+      password: 'Pa3zZ1!!',
+      password_confirmation: 'Pa3zZ1!!'
+    )
+    assert user.invalid?
+    assert_equal(
+      ['Password is too short (minimum is 11 characters)'],
+      user.errors.full_messages
+    )
+  end
+  test 'password validator can be overridden at the instance level' do
+    password = '!' * 11 # 11 characters, all symbols
+    user = InstanceLevelOverrideUser.new(
+      email: 'bob@microsoft.com',
+      password: password,
+      password_confirmation: password
+    )
+    assert user.invalid?
+    # This validation error only occurs when the CustomInstancePasswordValidator
+    # is used.
+    assert_equal(
+      ['Password must contain at least one letter or number'],
+      user.errors.full_messages
+    )
+  end
+  test 'password validator can be overridden at the class level' do
+    password = '!' * 10 # 10 characters, all symbols
+    user = ClassLevelOverrideUser.new(
+      email: 'bob@microsoft.com',
+      password: password,
+      password_confirmation: password
+    )
+    assert user.invalid?
+    # This validation error only occurs when the CustomClassPasswordValidator
+    # is used.
+    assert_equal(
+      ['Password must contain at least one letter'],
+      user.errors.full_messages
+    )
+  end
+end

data/test/test_session_limitable.rb ADDED Viewed

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+require 'test_helper'
+class TestSessionLimitable < ActiveSupport::TestCase
+  class ModifiedUser < User
+    def skip_session_limitable?
+      true
+    end
+  end
+  test 'check is not skipped by default' do
+    user = User.new(email: 'bob@microsoft.com', password: 'password1', password_confirmation: 'password1')
+    assert_not(user.skip_session_limitable?)
+  end
+  test 'default check can be overridden by record instance' do
+    modified_user = ModifiedUser.new(email: 'bob2@microsoft.com', password: 'password1', password_confirmation: 'password1')
+    assert(modified_user.skip_session_limitable?)
+  end
+  class SessionLimitableUser < User
+    devise :session_limitable
+    include ::Mongoid::Mappings if DEVISE_ORM == :mongoid
+  end
+  test 'includes Devise::Models::Compatibility' do
+    assert_kind_of(Devise::Models::Compatibility, SessionLimitableUser.new)
+  end
+  test '#update_unique_session_id!(value) updates valid record' do
+    user = User.create! password: 'passWord1', password_confirmation: 'passWord1', email: 'bob@microsoft.com'
+    assert user.persisted?
+    assert_nil user.unique_session_id
+    user.update_unique_session_id!('unique_value')
+    user.reload
+    assert_equal('unique_value', user.unique_session_id)
+  end
+  test '#update_unique_session_id!(value) updates invalid record atomically' do
+    user = User.create! password: 'passWord1', password_confirmation: 'passWord1', email: 'bob@microsoft.com'
+    assert user.persisted?
+    user.email = ''
+    assert user.invalid?
+    assert_nil user.unique_session_id
+    user.update_unique_session_id!('unique_value')
+    user.reload
+    assert_equal('bob@microsoft.com', user.email)
+    assert_equal('unique_value', user.unique_session_id)
+  end
+  test '#update_unique_session_id!(value) raises an exception on an unpersisted record' do
+    user = User.create
+    assert_not user.persisted?
+    assert_raises(Devise::Models::Compatibility::NotPersistedError) { user.update_unique_session_id!('unique_value') }
+  end
+end

data/test/tmp/config/initializers/devise_security.rb ADDED Viewed

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+Devise.setup do |config|
+  # ==> Security Extension
+  # Configure security extension for devise
+  # Should the password expire (e.g 3.months)
+  # config.expire_password_after = false
+  # Need 1 char each of: A-Z, a-z, 0-9, and a punctuation mark or symbol
+  # You may use "digits" in place of "digit" and "symbols" in place of
+  # "symbol" based on your preference
+  # config.password_complexity = { digit: 1, lower: 1, symbol: 1, upper: 1 }
+  # How many passwords to keep in archive
+  # config.password_archiving_count = 5
+  # Deny old passwords (true, false, number_of_old_passwords_to_check)
+  # Examples:
+  # config.deny_old_passwords = false # allow old passwords
+  # config.deny_old_passwords = true # will deny all the old passwords
+  # config.deny_old_passwords = 3 # will deny new passwords that matches with the last 3 passwords
+  # config.deny_old_passwords = true
+  # enable email validation for :secure_validatable. (true, false, validation_options)
+  # dependency: see https://github.com/devise-security/devise-security/blob/master/README.md#e-mail-validation
+  # config.email_validation = true
+  # captcha integration for recover form
+  # config.captcha_for_recover = true
+  # captcha integration for sign up form
+  # config.captcha_for_sign_up = true
+  # captcha integration for sign in form
+  # config.captcha_for_sign_in = true
+  # captcha integration for unlock form
+  # config.captcha_for_unlock = true
+  # captcha integration for confirmation form
+  # config.captcha_for_confirmation = true
+  # Time period for account expiry from last_activity_at
+  # config.expire_after = 90.days
+  # Allow password to equal the email
+  # config.allow_passwords_equal_to_email = false
+  # paranoid_verification will regenerate verification code after failed attempt
+  # config.paranoid_code_regenerate_after_attempt = 10
+end