devise-security 0.14.1 → 0.18.0

data/.rubocop.yml

@@ -1,64 +0,0 @@
-AllCops:
-  TargetRubyVersion: 2.4
-  Include:
-    - '**/Rakefile'
-    - '**/config.ru'
-    - 'lib/tasks/**/*'
-  Exclude:
-    - Gemfile*
-    - README
-    - 'db/**/*'
-    - 'config/**/*'
-    - 'bin/**/*'
-    - 'vendor/bundle/**/*'
-    - 'spec/support/**/*' # rspec support helpers have a strange api
-
-Rails:
-  Enabled: true
-
-# We don't care about method length, since we check method cyclomatic
-# complexity.
-Metrics/MethodLength:
-  Enabled: false
-
-Metrics/LineLength:
-  Enabled: false
-
-Naming/FileName:
-  Exclude: ["devise-security.gemspec"]
-
-Style/ClassAndModuleChildren:
-  EnforcedStyle: compact
-  SupportedStyles:
-    - nested
-    - compact
-
-Style/HashSyntax:
-  EnforcedStyle: ruby19
-
-Style/SymbolArray:
-  EnforcedStyle: brackets
-
-# Trailing commas make for clearer diffs because the last line won't appear
-# to have been changed, as it would if it lacked a comma and had one added.
-Style/TrailingCommaInArrayLiteral:
-  EnforcedStyleForMultiline: comma
-Style/TrailingCommaInHashLiteral:
-  EnforcedStyleForMultiline: comma
-Style/TrailingCommaInArguments:
-  EnforcedStyleForMultiline: comma
-
-# Cop supports --auto-correct.
-# Configuration parameters: PreferredDelimiters.
-Style/PercentLiteralDelimiters:
-  PreferredDelimiters:
-    # Using `[]` for string arrays instead of `()`, since normal arrays are
-    # indicated with `[]` not `()`.
-    '%w': '[]'
-    '%W': '[]'
-
-Style/AndOr:
-  # Whether `and` and `or` are banned only in conditionals (conditionals)
-  # or completely (always).
-  # They read better, more like normal English.
-  Enabled: false

data/.ruby-version

@@ -1 +0,0 @@
-2.4.6

data/.travis.yml

@@ -1,39 +0,0 @@
-language: ruby
-dist: xenial
-before_install:
-  # install bundler < 2 because Rails 4.2 is incompatible with bundler >= 2
-  - gem install bundler -v '1.17.3'
-install: bundle _1.17.3_ install --jobs=2 --retry=2 --path=${BUNDLE_PATH:-vendor/bundle}
-cache: bundler
-script: bundle exec rake
-rvm:
-  - 2.4
-  - 2.5
-  - 2.6
-  - ruby-head
-env:
-  matrix:
-    - DEVISE_ORM=active_record
-    - DEVISE_ORM=mongoid
-services:
-  - mongodb
-matrix:
-  exclude:
-    # Skip these combinations because they have incompatible dependencies
-    # and will always fail.
-    - rvm: 2.6
-      gemfile: gemfiles/rails_4.2_stable.gemfile
-    - rvm: ruby-head
-      gemfile: gemfiles/rails_4.2_stable.gemfile
-    - rvm: 2.4
-      gemfile: gemfiles/rails_6.0_beta.gemfile
-  allow_failures:
-    # edge, not expected to pass
-    - rvm: ruby-head
-    - gemfile: gemfiles/rails_6.0_beta.gemfile
-gemfile:
-  - gemfiles/rails_4.2_stable.gemfile
-  - gemfiles/rails_5.0_stable.gemfile
-  - gemfiles/rails_5.1_stable.gemfile
-  - gemfiles/rails_5.2_stable.gemfile
-  - gemfiles/rails_6.0_beta.gemfile

data/Appraisals

@@ -1,35 +0,0 @@
-appraise 'rails-4.2-stable' do
-  gem 'rails', '~> 4.2.0'
-  gem 'bundler', '< 2'
-  group :mongoid do
-    gem "mongoid", "~> 4.0"
-  end
-end
-
-appraise 'rails-5.0-stable' do
-  gem 'rails', '~> 5.0.0'
-  group :mongoid do
-    gem "mongoid", "~> 6.0"
-  end
-end
-
-appraise 'rails-5.1-stable' do
-  gem 'rails', '~> 5.1.0'
-  group :mongoid do
-    gem "mongoid", "~> 6.0"
-  end
-end
-
-appraise 'rails-5.2-stable' do
-  gem 'rails', '~> 5.2.0'
-  group :mongoid do
-    gem "mongoid", "~> 6.0"
-  end
-end
-
-appraise 'rails-6.0-beta' do
-  gem 'rails', '~> 6.0.0.beta3'
-  group :mongoid do
-    gem "mongoid", "~> 6.0"
-  end
-end

data/Gemfile

@@ -1,10 +0,0 @@
-source "https://rubygems.org"
-gemspec
-
-group :active_record do
-  gem 'sqlite3', '~> 1.3.0'
-end
-
-group :mongoid do
-  gem 'mongoid'
-end

data/Rakefile

@@ -1,27 +0,0 @@
-# frozen_string_literal: true
-
-$LOAD_PATH.unshift File.join(File.dirname(__FILE__), 'lib')
-require 'bundler/gem_tasks'
-require 'rake/testtask'
-require 'rdoc/task'
-require 'devise-security/version'
-
-desc 'Default: Run DeviseSecurity unit tests'
-task default: :test
-
-Rake::TestTask.new(:test) do |t|
-  t.libs << 'lib'
-  t.libs << 'test'
-  t.test_files = FileList['test/*test*.rb']
-  t.verbose = true
-  t.warning = false
-end
-
-Rake::RDocTask.new do |rdoc|
-  version = DeviseSecurity::VERSION.dup
-
-  rdoc.rdoc_dir = 'rdoc'
-  rdoc.title = "devise-security #{version}"
-  rdoc.rdoc_files.include('README*')
-  rdoc.rdoc_files.include('lib/**/*.rb')
-end

data/devise-security.gemspec

@@ -1,50 +0,0 @@
-# -*- encoding: utf-8 -*-
-# frozen_string_literal: true
-
-$LOAD_PATH.push File.expand_path('../lib', __FILE__)
-require 'devise-security/version'
-
-Gem::Specification.new do |s|
-  s.name        = 'devise-security'
-  s.version     = DeviseSecurity::VERSION.dup
-  s.platform    = Gem::Platform::RUBY
-  s.licenses    = ['MIT']
-  s.summary     = 'Security extension for devise'
-  s.email       = 'natebird@gmail.com'
-  s.homepage    = 'https://github.com/devise-security/devise-security'
-  s.description = 'An enterprise security extension for devise.'
-  s.authors     = [
-    'Marco Scholl',
-    'Alexander Dreher',
-    'Nate Bird',
-    'Dillon Welch',
-    'Kevin Olbrich'
-  ]
-
-  s.files         = `git ls-files`.split("\n")
-  s.test_files    = `git ls-files -- test/*`.split("\n")
-  s.require_paths = ['lib']
-  s.required_ruby_version = '>= 2.3.0'
-
-  if RUBY_VERSION >= '2.4'
-    s.add_runtime_dependency 'rails', '>= 4.2.0', '< 7.0'
-  else
-    s.add_runtime_dependency 'railties', '>= 4.2.0', '< 6.0'
-  end
-  s.add_runtime_dependency 'devise', '>= 4.3.0', '< 5.0'
-
-  s.add_development_dependency 'appraisal'
-  s.add_development_dependency 'bundler'
-  s.add_development_dependency 'coveralls'
-  s.add_development_dependency 'database_cleaner'
-  s.add_development_dependency 'easy_captcha'
-  s.add_development_dependency 'm'
-  s.add_development_dependency 'minitest'
-  s.add_development_dependency 'omniauth'
-  s.add_development_dependency 'pry-byebug'
-  s.add_development_dependency 'pry-rescue'
-  s.add_development_dependency 'rails_email_validator'
-  s.add_development_dependency 'rubocop', '~> 0.66.0'
-  s.add_development_dependency 'sqlite3'
-  s.add_development_dependency 'wwtd'
-end

data/gemfiles/rails_4.2_stable.gemfile

@@ -1,16 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "rails", "~> 4.2.0"
-gem "bundler", "< 2"
-
-group :active_record do
-  gem "sqlite3", "~> 1.3.0"
-end
-
-group :mongoid do
-  gem "mongoid", "~> 4.0"
-end
-
-gemspec path: "../"

data/gemfiles/rails_5.0_stable.gemfile

@@ -1,15 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "rails", "~> 5.0.0"
-
-group :active_record do
-  gem "sqlite3", "~> 1.3.0"
-end
-
-group :mongoid do
-  gem "mongoid", "~> 6.0"
-end
-
-gemspec path: "../"

data/gemfiles/rails_5.1_stable.gemfile

@@ -1,15 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "rails", "~> 5.1.0"
-
-group :active_record do
-  gem "sqlite3", "~> 1.3.0"
-end
-
-group :mongoid do
-  gem "mongoid", "~> 6.0"
-end
-
-gemspec path: "../"

data/gemfiles/rails_5.2_stable.gemfile

@@ -1,15 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "rails", "~> 5.2.0"
-
-group :active_record do
-  gem "sqlite3", "~> 1.3.0"
-end
-
-group :mongoid do
-  gem "mongoid", "~> 6.0"
-end
-
-gemspec path: "../"

data/gemfiles/rails_6.0_beta.gemfile

@@ -1,15 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "rails", "~> 6.0.0.beta1"
-
-group :active_record do
-  gem "sqlite3", "~> 1.3.0"
-end
-
-group :mongoid do
-  gem "mongoid", "~> 6.0"
-end
-
-gemspec path: "../"

data/lib/devise-security/orm/active_record.rb

@@ -1,20 +0,0 @@
-# frozen_string_literal: true
-
-module DeviseSecurity
-  module Orm
-    # This module contains some helpers and handle schema (migrations):
-    #
-    #   create_table :accounts do |t|
-    #     t.password_expirable
-    #   end
-    #
-    module ActiveRecord
-      module Schema
-        include DeviseSecurity::Schema
-      end
-    end
-  end
-end
-
-ActiveRecord::ConnectionAdapters::Table.send :include, DeviseSecurity::Orm::ActiveRecord::Schema
-ActiveRecord::ConnectionAdapters::TableDefinition.send :include, DeviseSecurity::Orm::ActiveRecord::Schema

data/lib/devise-security/patches/confirmations_controller_captcha.rb

@@ -1,23 +0,0 @@
-# frozen_string_literal: true
-
-module DeviseSecurity::Patches
-  module ConfirmationsControllerCaptcha
-    extend ActiveSupport::Concern
-    included do
-      define_method :create do
-        if valid_captcha_if_defined?(params[:captcha])
-          self.resource = resource_class.send_confirmation_instructions(params[resource_name])
-
-          if successfully_sent?(resource)
-            respond_with({}, location: after_resending_confirmation_instructions_path_for(resource_name))
-          else
-            respond_with(resource)
-          end
-        else
-          flash[:alert] = t('devise.invalid_captcha') if is_navigational_format?
-          respond_with({}, location: new_confirmation_path(resource_name))
-        end
-      end
-    end
-  end
-end

data/lib/devise-security/patches/confirmations_controller_security_question.rb

@@ -1,26 +0,0 @@
-# frozen_string_literal: true
-
-module DeviseSecurity::Patches
-  module ConfirmationsControllerSecurityQuestion
-    extend ActiveSupport::Concern
-    included do
-      define_method :create do
-        # only find via email, not login
-        resource = resource_class.find_or_initialize_with_error_by(:email, params[resource_name][:email], :not_found)
-
-        if valid_captcha_or_security_question?(resource, params)
-          self.resource = resource_class.send_confirmation_instructions(params[resource_name])
-
-          if successfully_sent?(resource)
-            respond_with({}, location: after_resending_confirmation_instructions_path_for(resource_name))
-          else
-            respond_with(resource)
-          end
-        else
-          flash[:alert] = t('devise.invalid_security_question') if is_navigational_format?
-          respond_with({}, location: new_confirmation_path(resource_name))
-        end
-      end
-    end
-  end
-end

data/lib/devise-security/patches/passwords_controller_captcha.rb

@@ -1,22 +0,0 @@
-# frozen_string_literal: true
-
-module DeviseSecurity::Patches
-  module PasswordsControllerCaptcha
-    extend ActiveSupport::Concern
-    included do
-      define_method :create do
-        if valid_captcha_if_defined?(params[:captcha])
-          self.resource = resource_class.send_reset_password_instructions(params[resource_name])
-          if successfully_sent?(resource)
-            respond_with({}, location: new_session_path(resource_name))
-          else
-            respond_with(resource)
-          end
-        else
-          flash[:alert] = t('devise.invalid_captcha') if is_navigational_format?
-          respond_with({}, location: new_password_path(resource_name))
-        end
-      end
-    end
-  end
-end

data/lib/devise-security/patches/passwords_controller_security_question.rb

@@ -1,25 +0,0 @@
-# frozen_string_literal: true
-
-module DeviseSecurity::Patches
-  module PasswordsControllerSecurityQuestion
-    extend ActiveSupport::Concern
-    included do
-      define_method :create do
-        # only find via email, not login
-        resource = resource_class.find_or_initialize_with_error_by(:email, params[resource_name][:email], :not_found)
-
-        if valid_captcha_or_security_question?(resource, params)
-          self.resource = resource_class.send_reset_password_instructions(params[resource_name])
-          if successfully_sent?(resource)
-            respond_with({}, location: new_session_path(resource_name))
-          else
-            respond_with(resource)
-          end
-        else
-          flash[:alert] = t('devise.invalid_security_question') if is_navigational_format?
-          respond_with({}, location: new_password_path(resource_name))
-        end
-      end
-    end
-  end
-end

data/lib/devise-security/patches/registrations_controller_captcha.rb

@@ -1,35 +0,0 @@
-# frozen_string_literal: true
-
-module DeviseSecurity::Patches
-  module RegistrationsControllerCaptcha
-    extend ActiveSupport::Concern
-    included do
-      define_method :create do |&block|
-        build_resource(sign_up_params)
-
-        if valid_captcha_if_defined?(params[:captcha])
-          if resource.save
-            block.call(resource) if block
-            if resource.active_for_authentication?
-              set_flash_message :notice, :signed_up if is_flashing_format?
-              sign_up(resource_name, resource)
-              respond_with resource, location: after_sign_up_path_for(resource)
-            else
-              set_flash_message :notice, :"signed_up_but_#{resource.inactive_message}" if is_flashing_format?
-              expire_data_after_sign_in!
-              respond_with resource, location: after_inactive_sign_up_path_for(resource)
-            end
-          else
-            clean_up_passwords resource
-            respond_with resource
-          end
-
-        else
-          resource.errors.add :base, t('devise.invalid_captcha')
-          clean_up_passwords resource
-          respond_with resource
-        end
-      end
-    end
-  end
-end

data/lib/devise-security/patches/sessions_controller_captcha.rb

@@ -1,26 +0,0 @@
-# frozen_string_literal: true
-
-module DeviseSecurity::Patches
-  module SessionsControllerCaptcha
-    extend ActiveSupport::Concern
-    included do
-      define_method :create do |&block|
-        if valid_captcha_if_defined?(params[:captcha])
-          self.resource = warden.authenticate!(auth_options)
-          set_flash_message(:notice, :signed_in) if is_flashing_format?
-          sign_in(resource_name, resource)
-          block.call(resource) if block
-          respond_with resource, location: after_sign_in_path_for(resource)
-        else
-          flash[:alert] = t('devise.invalid_captcha') if is_flashing_format?
-          respond_with({}, location: new_session_path(resource_name))
-        end
-      end
-
-      # for bad protected use in controller
-      define_method :auth_options do
-        { scope: resource_name, recall: "#{controller_path}#new" }
-      end
-    end
-  end
-end

data/lib/devise-security/patches/unlocks_controller_captcha.rb

@@ -1,22 +0,0 @@
-# frozen_string_literal: true
-
-module DeviseSecurity::Patches
-  module UnlocksControllerCaptcha
-    extend ActiveSupport::Concern
-    included do
-      define_method :create do
-        if valid_captcha_if_defined?(params[:captcha])
-          self.resource = resource_class.send_unlock_instructions(params[resource_name])
-          if successfully_sent?(resource)
-            respond_with({}, location: new_session_path(resource_name))
-          else
-            respond_with(resource)
-          end
-        else
-          flash[:alert] = t('devise.invalid_captcha') if is_navigational_format?
-          respond_with({}, location: new_unlock_path(resource_name))
-        end
-      end
-    end
-  end
-end

data/lib/devise-security/patches/unlocks_controller_security_question.rb

@@ -1,25 +0,0 @@
-# frozen_string_literal: true
-
-module DeviseSecurity::Patches
-  module UnlocksControllerSecurityQuestion
-    extend ActiveSupport::Concern
-    included do
-      define_method :create do
-        # only find via email, not login
-        resource = resource_class.find_or_initialize_with_error_by(:email, params[resource_name][:email], :not_found)
-
-        if valid_captcha_or_security_question?(resource, params)
-          self.resource = resource_class.send_unlock_instructions(params[resource_name])
-          if successfully_sent?(resource)
-            respond_with({}, location: new_session_path(resource_name))
-          else
-            respond_with(resource)
-          end
-        else
-          flash[:alert] = t('devise.invalid_security_question') if is_navigational_format?
-          respond_with({}, location: new_unlock_path(resource_name))
-        end
-      end
-    end
-  end
-end

data/lib/devise-security/schema.rb

@@ -1,66 +0,0 @@
-# frozen_string_literal: true
-
-module DeviseSecurity
-  # add schema helper for migrations
-  module Schema
-    # Add password_changed_at columns in the resource's database table.
-    #
-    # Examples
-    #
-    # # For a new resource migration:
-    # create_table :the_resources do |t|
-    #   t.password_expirable
-    # ...
-    # end
-    #
-    # # or if the resource's table already exists, define a migration and put this in:
-    # change_table :the_resources do |t|
-    #   t.datetime :password_changed_at
-    # end
-    #
-    def password_expirable
-      apply_devise_schema :password_changed_at, DateTime
-    end
-
-    # Add password_archivable columns
-    #
-    # Examples
-    #
-    # create_table :old_passwords do
-    #   t.password_archivable
-    # end
-    # add_index :old_passwords, [:password_archivable_type, :password_archivable_id], name: 'index_password_archivable'
-    #
-    def password_archivable
-      apply_devise_schema :encrypted_password, String, limit: 128, null: false
-      apply_devise_schema :password_salt, String
-      apply_devise_schema :password_archivable_id, Integer, null: false
-      apply_devise_schema :password_archivable_type, String, null: false
-      apply_devise_schema :created_at, DateTime
-    end
-
-    # Add session_limitable columns in the resource's database table.
-    #
-    # Examples
-    #
-    # # For a new resource migration:
-    # create_table :the_resources do |t|
-    #   t.session_limitable
-    # ...
-    # end
-    #
-    # # or if the resource's table already exists, define a migration and put this in:
-    # change_table :the_resources do |t|
-    #   t.string :unique_session_id, limit: 20
-    # end
-    #
-    def session_limitable
-      apply_devise_schema :unique_session_id, String, limit: 20
-    end
-
-    def expirable
-      apply_devise_schema :expired_at, DateTime
-      apply_devise_schema :last_activity_at, DateTime
-    end
-  end
-end

data/test/dummy/app/models/secure_user.rb

@@ -1,9 +0,0 @@
-# frozen_string_literal: true
-
-class SecureUser < ApplicationUserRecord
-  devise :database_authenticatable, :secure_validatable, email_validation: false
-  if DEVISE_ORM == :mongoid
-    require './test/dummy/app/models/mongoid/mappings'
-    include ::Mongoid::Mappings
-  end
-end

data/test/dummy/lib/shared_user_without_email.rb

@@ -1,28 +0,0 @@
-# frozen_string_literal: true
-
-module SharedUserWithoutEmail
-  extend ActiveSupport::Concern
-
-  included do
-    # NOTE: This is missing :validatable and :confirmable, as they both require
-    # an email field at the moment. It is also missing :omniauthable because that
-    # adds unnecessary complexity to the setup
-    devise :database_authenticatable, :lockable, :recoverable,
-           :registerable, :rememberable, :timeoutable,
-           :trackable
-  end
-
-  # This test stub is a bit rubbish because it's tied very closely to the
-  # implementation where we care about this one case. However, completely
-  # removing the email field breaks "recoverable" tests completely, so we are
-  # just taking the approach here that "email" is something that is a not an
-  # ActiveRecord field.
-  def email_changed?
-    raise NoMethodError
-  end
-
-  def respond_to?(method_name, include_all=false)
-    return false if method_name.to_sym == :email_changed?
-    super(method_name, include_all)
-  end
-end