RubyGems - devise-security - Versions diffs - 0.12.0 → 0.18.0 - Mend

devise-security 0.12.0 → 0.18.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (195) hide show

checksums.yaml +4 -4
data/LICENSE.txt +3 -1
data/README.md +199 -65
data/app/controllers/devise/paranoid_verification_code_controller.rb +28 -12
data/app/controllers/devise/password_expired_controller.rb +34 -10
data/app/views/devise/paranoid_verification_code/show.html.erb +4 -4
data/app/views/devise/password_expired/show.html.erb +6 -6
data/config/locales/bg.yml +42 -0
data/config/locales/by.yml +50 -0
data/config/locales/cs.yml +46 -0
data/config/locales/de.yml +33 -7
data/config/locales/en.yml +26 -1
data/config/locales/es.yml +31 -6
data/config/locales/fa.yml +42 -0
data/config/locales/fr.yml +42 -0
data/config/locales/hi.yml +43 -0
data/config/locales/it.yml +36 -4
data/config/locales/ja.yml +42 -0
data/config/locales/nl.yml +42 -0
data/config/locales/pt.yml +42 -0
data/config/locales/ru.yml +50 -0
data/config/locales/tr.yml +42 -0
data/config/locales/uk.yml +50 -0
data/config/locales/zh_CN.yml +42 -0
data/config/locales/zh_TW.yml +42 -0
data/lib/devise-security/controllers/helpers.rb +74 -51
data/lib/devise-security/hooks/expirable.rb +6 -4
data/lib/devise-security/hooks/paranoid_verification.rb +3 -3
data/lib/devise-security/hooks/password_expirable.rb +5 -3
data/lib/devise-security/hooks/session_limitable.rb +31 -14
data/lib/devise-security/models/active_record/old_password.rb +5 -0
data/lib/devise-security/models/compatibility/active_record_patch.rb +41 -0
data/lib/devise-security/models/compatibility/mongoid_patch.rb +32 -0
data/lib/devise-security/models/compatibility.rb +8 -15
data/lib/devise-security/models/database_authenticatable_patch.rb +20 -10
data/lib/devise-security/models/expirable.rb +14 -7
data/lib/devise-security/models/mongoid/old_password.rb +21 -0
data/lib/devise-security/models/paranoid_verification.rb +4 -2
data/lib/devise-security/models/password_archivable.rb +19 -8
data/lib/devise-security/models/password_expirable.rb +103 -48
data/lib/devise-security/models/secure_validatable.rb +69 -12
data/lib/devise-security/models/security_questionable.rb +2 -0
data/lib/devise-security/models/session_limitable.rb +19 -2
data/lib/devise-security/orm/mongoid.rb +7 -0
data/lib/devise-security/patches/controller_captcha.rb +2 -0
data/lib/devise-security/patches/controller_security_question.rb +3 -1
data/lib/devise-security/patches.rb +16 -8
data/lib/devise-security/rails.rb +2 -0
data/lib/devise-security/routes.rb +4 -3
data/lib/devise-security/validators/password_complexity_validator.rb +62 -0
data/lib/devise-security/version.rb +3 -1
data/lib/devise-security.rb +23 -11
data/lib/generators/devise_security/install_generator.rb +6 -6
data/lib/generators/templates/devise_security.rb +52 -0
data/test/{test_captcha_controller.rb → controllers/test_captcha_controller.rb} +2 -0
data/test/controllers/test_paranoid_verification_code_controller.rb +133 -0
data/test/controllers/test_password_expired_controller.rb +164 -0
data/test/controllers/test_security_question_controller.rb +66 -0
data/test/dummy/Rakefile +3 -1
data/test/dummy/app/assets/config/manifest.js +3 -0
data/test/dummy/app/controllers/application_controller.rb +2 -0
data/test/dummy/app/controllers/captcha/sessions_controller.rb +2 -0
data/test/dummy/app/controllers/overrides/paranoid_verification_code_controller.rb +7 -0
data/test/dummy/app/controllers/overrides/password_expired_controller.rb +17 -0
data/test/dummy/app/controllers/security_question/unlocks_controller.rb +2 -0
data/test/dummy/app/controllers/widgets_controller.rb +9 -0
data/test/dummy/app/models/application_record.rb +10 -2
data/test/dummy/app/models/application_user_record.rb +12 -0
data/test/dummy/app/models/captcha_user.rb +7 -2
data/test/dummy/app/models/mongoid/confirmable_fields.rb +15 -0
data/test/dummy/app/models/mongoid/database_authenticable_fields.rb +18 -0
data/test/dummy/app/models/mongoid/expirable_fields.rb +13 -0
data/test/dummy/app/models/mongoid/lockable_fields.rb +15 -0
data/test/dummy/app/models/mongoid/mappings.rb +15 -0
data/test/dummy/app/models/mongoid/omniauthable_fields.rb +13 -0
data/test/dummy/app/models/mongoid/paranoid_verification_fields.rb +12 -0
data/test/dummy/app/models/mongoid/password_archivable_fields.rb +11 -0
data/test/dummy/app/models/mongoid/password_expirable_fields.rb +12 -0
data/test/dummy/app/models/mongoid/recoverable_fields.rb +13 -0
data/test/dummy/app/models/mongoid/registerable_fields.rb +21 -0
data/test/dummy/app/models/mongoid/rememberable_fields.rb +12 -0
data/test/dummy/app/models/mongoid/secure_validatable_fields.rb +13 -0
data/test/dummy/app/models/mongoid/security_questionable_fields.rb +15 -0
data/test/dummy/app/models/mongoid/session_limitable_fields.rb +12 -0
data/test/dummy/app/models/mongoid/timeoutable_fields.rb +11 -0
data/test/dummy/app/models/mongoid/trackable_fields.rb +16 -0
data/test/dummy/app/models/mongoid/validatable_fields.rb +9 -0
data/test/dummy/app/models/paranoid_verification_user.rb +26 -0
data/test/dummy/app/models/password_expired_user.rb +26 -0
data/test/dummy/app/models/security_question_user.rb +9 -4
data/test/dummy/app/models/user.rb +16 -1
data/test/dummy/app/models/widget.rb +4 -0
data/test/dummy/app/mongoid/admin.rb +31 -0
data/test/dummy/app/mongoid/one_user.rb +58 -0
data/test/dummy/app/mongoid/shim.rb +25 -0
data/test/dummy/app/mongoid/user_on_engine.rb +41 -0
data/test/dummy/app/mongoid/user_on_main_app.rb +41 -0
data/test/dummy/app/mongoid/user_with_validations.rb +37 -0
data/test/dummy/app/mongoid/user_without_email.rb +38 -0
data/test/dummy/config/application.rb +13 -11
data/test/dummy/config/boot.rb +3 -1
data/test/dummy/config/environment.rb +3 -1
data/test/dummy/config/environments/test.rb +6 -13
data/test/dummy/config/initializers/devise.rb +6 -3
data/test/dummy/config/initializers/migration_class.rb +3 -6
data/test/dummy/config/locales/en.yml +10 -0
data/test/dummy/config/mongoid.yml +6 -0
data/test/dummy/config/routes.rb +8 -3
data/test/dummy/config.ru +3 -1
data/test/dummy/db/migrate/20120508165529_create_tables.rb +17 -6
data/test/dummy/db/migrate/20150402165590_add_verification_columns.rb +2 -0
data/test/dummy/db/migrate/20150407162345_add_verification_attempt_column.rb +2 -0
data/test/dummy/db/migrate/20160320162345_add_security_questions_fields.rb +2 -0
data/test/dummy/db/migrate/20180318103603_add_expireable_columns.rb +2 -0
data/test/dummy/db/migrate/20180318105329_add_confirmable_columns.rb +2 -0
data/test/dummy/db/migrate/20180318105732_add_rememberable_columns.rb +2 -0
data/test/dummy/db/migrate/20180318111336_add_recoverable_columns.rb +2 -0
data/test/dummy/db/migrate/20180319114023_add_widget.rb +2 -0
data/test/dummy/lib/shared_expirable_columns.rb +15 -0
data/test/dummy/lib/shared_security_questions_fields.rb +17 -0
data/test/dummy/lib/shared_user.rb +43 -0
data/test/dummy/lib/shared_user_with_password_verification.rb +13 -0
data/test/dummy/lib/shared_user_without_omniauth.rb +24 -0
data/test/dummy/lib/shared_verification_fields.rb +16 -0
data/test/dummy/log/test.log +45240 -0
data/test/i18n_test.rb +22 -0
data/test/integration/test_paranoid_verification_code_workflow.rb +53 -0
data/test/integration/test_password_expirable_workflow.rb +53 -0
data/test/integration/test_session_limitable_workflow.rb +69 -0
data/test/orm/active_record.rb +15 -0
data/test/orm/mongoid.rb +13 -0
data/test/support/integration_helpers.rb +35 -0
data/test/support/mongoid.yml +6 -0
data/test/test_compatibility.rb +15 -0
data/test/test_complexity_validator.rb +282 -0
data/test/test_database_authenticatable_patch.rb +146 -0
data/test/test_helper.rb +41 -9
data/test/test_install_generator.rb +20 -3
data/test/test_paranoid_verification.rb +10 -9
data/test/test_password_archivable.rb +37 -13
data/test/test_password_expirable.rb +72 -9
data/test/test_secure_validatable.rb +289 -55
data/test/test_secure_validatable_overrides.rb +185 -0
data/test/test_session_limitable.rb +57 -0
data/test/tmp/config/initializers/devise_security.rb +52 -0
data/test/tmp/config/locales/devise.security_extension.by.yml +50 -0
data/test/tmp/config/locales/devise.security_extension.cs.yml +46 -0
data/test/tmp/config/locales/devise.security_extension.de.yml +42 -0
data/test/tmp/config/locales/devise.security_extension.en.yml +42 -0
data/test/tmp/config/locales/devise.security_extension.es.yml +42 -0
data/test/tmp/config/locales/devise.security_extension.fa.yml +42 -0
data/test/tmp/config/locales/devise.security_extension.fr.yml +42 -0
data/test/tmp/config/locales/devise.security_extension.hi.yml +43 -0
data/test/tmp/config/locales/devise.security_extension.it.yml +42 -0
data/test/tmp/config/locales/devise.security_extension.ja.yml +42 -0
data/test/tmp/config/locales/devise.security_extension.nl.yml +42 -0
data/test/tmp/config/locales/devise.security_extension.pt.yml +42 -0
data/test/tmp/config/locales/devise.security_extension.ru.yml +50 -0
data/test/tmp/config/locales/devise.security_extension.tr.yml +42 -0
data/test/tmp/config/locales/devise.security_extension.uk.yml +50 -0
data/test/tmp/config/locales/devise.security_extension.zh_CN.yml +42 -0
data/test/tmp/config/locales/devise.security_extension.zh_TW.yml +42 -0
metadata +290 -124
data/.circleci/config.yml +0 -41
data/.document +0 -5
data/.gitignore +0 -40
data/.rubocop.yml +0 -63
data/.ruby-version +0 -1
data/.travis.yml +0 -25
data/Appraisals +0 -19
data/Gemfile +0 -3
data/Rakefile +0 -28
data/devise-security.gemspec +0 -44
data/gemfiles/rails_4.1_stable.gemfile +0 -8
data/gemfiles/rails_4.2_stable.gemfile +0 -8
data/gemfiles/rails_5.0_stable.gemfile +0 -8
data/gemfiles/rails_5.1_stable.gemfile +0 -8
data/gemfiles/rails_5.2_rc1.gemfile +0 -8
data/lib/devise-security/models/old_password.rb +0 -4
data/lib/devise-security/orm/active_record.rb +0 -18
data/lib/devise-security/patches/confirmations_controller_captcha.rb +0 -21
data/lib/devise-security/patches/confirmations_controller_security_question.rb +0 -24
data/lib/devise-security/patches/passwords_controller_captcha.rb +0 -20
data/lib/devise-security/patches/passwords_controller_security_question.rb +0 -23
data/lib/devise-security/patches/registrations_controller_captcha.rb +0 -33
data/lib/devise-security/patches/sessions_controller_captcha.rb +0 -24
data/lib/devise-security/patches/unlocks_controller_captcha.rb +0 -20
data/lib/devise-security/patches/unlocks_controller_security_question.rb +0 -23
data/lib/devise-security/schema.rb +0 -64
data/lib/generators/templates/devise-security.rb +0 -38
data/test/dummy/app/controllers/foos_controller.rb +0 -0
data/test/dummy/app/models/.gitkeep +0 -0
data/test/dummy/app/models/secure_user.rb +0 -3
data/test/test_password_expired_controller.rb +0 -44
data/test/test_security_question_controller.rb +0 -84

data/test/dummy/config/environment.rb CHANGED Viewed

@@ -1,5 +1,7 @@
+# frozen_string_literal: true
 # Load the rails application
-require File.expand_path('../application', __FILE__)
+require File.expand_path('application', __dir__)
 # Initialize the rails application
 RailsApp::Application.initialize!

data/test/dummy/config/environments/test.rb CHANGED Viewed

@@ -1,14 +1,11 @@
+# frozen_string_literal: true
 RailsApp::Application.configure do
   config.cache_classes = true
   config.eager_load = false
-  if Rails.version > '5'
-    config.public_file_server.enabled = true
-    config.public_file_server.headers = { 'Cache-Control' => 'public, max-age=3600' }
-  else
-    config.serve_static_files = true
-    config.static_cache_control = 'public, max-age=3600'
-  end
+  config.public_file_server.enabled = true
+  config.public_file_server.headers = { 'Cache-Control' => 'public, max-age=3600' }
   config.consider_all_requests_local       = true
   config.action_controller.perform_caching = false
@@ -25,11 +22,7 @@ RailsApp::Application.configure do
   config.active_support.test_order = :sorted
   config.log_level = :debug
-  if Rails.gem_version >= Gem::Version.new('4.2') && Rails.gem_version < Gem::Version.new('5.0')
-    config.active_record.raise_in_transactional_callbacks = true
-  end
-  if Rails.gem_version.release >= Gem::Version.new('5.2')
-    config.active_record.sqlite3.represent_boolean_as_integer = true
-  end
+  config.active_record.sqlite3.represent_boolean_as_integer = true if Rails.gem_version.release >= Gem::Version.new('5.2') && Rails.gem_version.release < Gem::Version.new('6.0')
+  config.active_record.legacy_connection_handling = false if Rails.gem_version.release >= Gem::Version.new('6.1')
 end
 ActiveSupport::Deprecation.debug = true

data/test/dummy/config/initializers/devise.rb CHANGED Viewed

@@ -1,10 +1,13 @@
+# frozen_string_literal: true
 require 'rails_email_validator'
+require "devise/orm/#{DEVISE_ORM}"
 Devise.setup do |config|
   config.mailer_sender = 'please-change-me-at-config-initializers-devise@example.com'
-  require 'devise/orm/active_record'
   config.secret_key = 'f08cf11a38906f531d2dfc9a2c2d671aa0021be806c21255d4'
   config.case_insensitive_keys = [:email]
   config.strip_whitespace_keys = [:email]
+  config.password_complexity = { digit: 1, lower: 1, upper: 1 }
+  config.password_length = 7..128
 end

data/test/dummy/config/initializers/migration_class.rb CHANGED Viewed

@@ -1,6 +1,3 @@
-MIGRATION_CLASS =
-  if ActiveRecord::VERSION::MAJOR >= 5
-    ActiveRecord::Migration[4.2]
-  else
-    ActiveRecord::Migration
-  end
+# frozen_string_literal: true
+MIGRATION_CLASS = ActiveRecord::Migration[Rails.version.to_f] if DEVISE_ORM == :active_record

data/test/dummy/config/locales/en.yml ADDED Viewed

@@ -0,0 +1,10 @@
+en:
+  errors:
+    messages:
+      password_complexity:
+        letter:
+          one: must contain at least one letter
+          other: must contain at least %{count} letters
+        alnum:
+          one: must contain at least one letter or number
+          other: must contain at least %{count} letters or numbers

data/test/dummy/config/mongoid.yml ADDED Viewed

@@ -0,0 +1,6 @@
+test:
+  clients:
+    default:
+      database: devise_security_test
+      hosts:
+        - localhost: <%= ENV.fetch('MONGODB_PORT', '27017') %>

data/test/dummy/config/routes.rb CHANGED Viewed

@@ -1,10 +1,15 @@
+# frozen_string_literal: true
 RailsApp::Application.routes.draw do
   devise_for :users
-  devise_for :captcha_users, only: [:sessions], controllers: { sessions: "captcha/sessions" }
-  devise_for :security_question_users, only: [:sessions, :unlocks], controllers: { unlocks: "security_question/unlocks" }
+  devise_for :captcha_users, only: [:sessions], controllers: { sessions: 'captcha/sessions' }
+  devise_for :password_expired_users, only: [:password_expired], controllers: { password_expired: 'overrides/password_expired' }
+  devise_for :paranoid_verification_users, only: [:verification_code], controllers: { paranoid_verification_code: 'overrides/paranoid_verification_code' }
+  devise_for :security_question_users, only: %i[sessions unlocks], controllers: { unlocks: 'security_question/unlocks' }
   resources :foos
+  resource :widgets
-  root to: 'foos#index'
+  root to: 'widgets#show'
 end

data/test/dummy/config.ru CHANGED Viewed

@@ -1,4 +1,6 @@
+# frozen_string_literal: true
 # This file is used by Rack-based servers to start the application.
-require ::File.expand_path('../config/environment',  __FILE__)
+require ::File.expand_path('config/environment', __dir__)
 run RailsApp::Application

data/test/dummy/db/migrate/20120508165529_create_tables.rb CHANGED Viewed

@@ -1,15 +1,26 @@
+# frozen_string_literal: true
 class CreateTables < MIGRATION_CLASS
-  def self.up
+  def self.up # rubocop:disable Metrics/AbcSize
     create_table :users do |t|
       t.string :username
       t.string :facebook_token
-      t.string :unique_session_id, :limit => 20
+      # session_limitable
+      t.string :unique_session_id
       ## Database authenticatable
       t.string :email,              null: false, default: ''
       t.string :encrypted_password, null: false, default: ''
       t.datetime :password_changed_at
+      t.datetime :current_sign_in_at
+      t.datetime :last_sign_in_at
+      t.string :current_sign_in_ip
+      t.string :last_sign_in_ip
+      t.integer :sign_in_count, default: 0
+      t.integer :failed_attempts, default: 0
       t.timestamps null: false
     end
     add_index :users, :password_changed_at
@@ -22,13 +33,13 @@ class CreateTables < MIGRATION_CLASS
     end
     create_table :old_passwords do |t|
-      t.string :encrypted_password, :null => false
+      t.string :encrypted_password, null: false
       t.string :password_salt
-      t.string :password_archivable_type, :null => false
-      t.integer :password_archivable_id, :null => false
+      t.string :password_archivable_type, null: false
+      t.integer :password_archivable_id, null: false
       t.datetime :created_at
     end
-    add_index :old_passwords, [:password_archivable_type, :password_archivable_id], :name => :index_password_archivable
+    add_index :old_passwords, %i[password_archivable_type password_archivable_id], name: 'index_password_archivable'
   end
   def self.down

data/test/dummy/db/migrate/20150402165590_add_verification_columns.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 class AddVerificationColumns < MIGRATION_CLASS
   def self.up
     add_column :users, :paranoid_verification_code, :string

data/test/dummy/db/migrate/20150407162345_add_verification_attempt_column.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 class AddVerificationAttemptColumn < MIGRATION_CLASS
   def self.up
     add_column :users, :paranoid_verification_attempt, :integer, default: 0

data/test/dummy/db/migrate/20160320162345_add_security_questions_fields.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 class AddSecurityQuestionsFields < MIGRATION_CLASS
   def change
     add_column :users, :locked_at, :datetime

data/test/dummy/db/migrate/20180318103603_add_expireable_columns.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 class AddExpireableColumns < MIGRATION_CLASS
   def change
     add_column :users, :expired_at, :datetime

data/test/dummy/db/migrate/20180318105329_add_confirmable_columns.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 class AddConfirmableColumns < MIGRATION_CLASS
   def change
     add_column :users, :confirmation_token, :string

data/test/dummy/db/migrate/20180318105732_add_rememberable_columns.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 class AddRememberableColumns < MIGRATION_CLASS
   def change
     add_column :users, :remember_created_at, :datetime

data/test/dummy/db/migrate/20180318111336_add_recoverable_columns.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 class AddRecoverableColumns < MIGRATION_CLASS
   def change
     add_column :users, :reset_password_token, :string

data/test/dummy/db/migrate/20180319114023_add_widget.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 class AddWidget < MIGRATION_CLASS
   def change
     create_table :widgets do |t|

data/test/dummy/lib/shared_expirable_columns.rb ADDED Viewed

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+require 'shared_user'
+module SharedVerificationColumns
+  extend ActiveSupport::Concern
+  included do
+    include SharedUser
+    devise :expirable
+    field :expired_at, type: Time
+    field :last_activity_at, type: Time
+  end
+end

data/test/dummy/lib/shared_security_questions_fields.rb ADDED Viewed

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+require 'shared_user'
+module SharedSecurityQuestionsFields
+  extend ActiveSupport::Concern
+  included do
+    include SharedUser
+    devise :lockable, :security_questionable
+    field :locked_at, type: Time
+    field :unlock_token, type: String
+    field :security_question_id, type: Integer
+    field :security_question_answer, type: String
+  end
+end

data/test/dummy/lib/shared_user.rb ADDED Viewed

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+module SharedUser
+  extend ActiveSupport::Concern
+  included do
+    devise(
+      :database_authenticatable,
+      :confirmable,
+      :lockable,
+      :recoverable,
+      :registerable,
+      :rememberable,
+      :timeoutable,
+      :trackable,
+      :secure_validatable,
+      :omniauthable,
+      :validatable,
+      password_length: 7..72,
+      reconfirmable: false
+    )
+    attr_accessor :other_key
+    # They need to be included after Devise is called.
+    extend ExtendMethods
+  end
+  def raw_confirmation_token
+    @raw_confirmation_token
+  end
+  module ExtendMethods
+    def new_with_session(params, session)
+      super.tap do |user|
+        if (data = session['devise.facebook_data'])
+          user.email = data['email']
+          user.confirmed_at = Time.zone.now
+        end
+      end
+    end
+  end
+end

data/test/dummy/lib/shared_user_with_password_verification.rb ADDED Viewed

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+module SharedUserWithPasswordVerification
+  extend ActiveSupport::Concern
+  included do
+    include SharedVerificationFields
+  end
+  def raw_confirmation_token
+    @raw_confirmation_token
+  end
+end

data/test/dummy/lib/shared_user_without_omniauth.rb ADDED Viewed

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+module SharedUserWithoutOmniauth
+  extend ActiveSupport::Concern
+  included do
+    devise(
+      :database_authenticatable,
+      :confirmable,
+      :lockable,
+      :recoverable,
+      :registerable,
+      :rememberable,
+      :timeoutable,
+      :trackable,
+      :validatable,
+      reconfirmable: false
+    )
+  end
+  def raw_confirmation_token
+    @raw_confirmation_token
+  end
+end

data/test/dummy/lib/shared_verification_fields.rb ADDED Viewed

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+require 'shared_user'
+module SharedVerificationFields
+  extend ActiveSupport::Concern
+  included do
+    include SharedUser
+    devise :paranoid_verification
+    field :paranoid_verified_at, type: Time
+    field :paranoid_verification_attempt, type: Integer, default: 0
+    field :paranoid_verification_code, type: String
+  end
+end