RubyGems - devise-security - Versions diffs - 0.14.2 → 0.17.0 - Mend

devise-security 0.14.2 → 0.17.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (144) hide show

checksums.yaml +4 -4
data/README.md +125 -59
data/app/controllers/devise/paranoid_verification_code_controller.rb +13 -1
data/app/controllers/devise/password_expired_controller.rb +24 -6
data/app/views/devise/paranoid_verification_code/show.html.erb +3 -3
data/app/views/devise/password_expired/show.html.erb +5 -5
data/config/locales/bg.yml +41 -0
data/config/locales/by.yml +49 -0
data/config/locales/cs.yml +41 -0
data/config/locales/de.yml +15 -2
data/config/locales/en.yml +15 -2
data/config/locales/es.yml +10 -9
data/config/locales/fa.yml +41 -0
data/config/locales/fr.yml +1 -0
data/config/locales/hi.yml +42 -0
data/config/locales/it.yml +35 -4
data/config/locales/ja.yml +2 -1
data/config/locales/nl.yml +41 -0
data/config/locales/pt.yml +41 -0
data/config/locales/ru.yml +49 -0
data/config/locales/tr.yml +1 -0
data/config/locales/uk.yml +49 -0
data/config/locales/zh_CN.yml +41 -0
data/config/locales/zh_TW.yml +41 -0
data/lib/devise-security/controllers/helpers.rb +59 -50
data/lib/devise-security/hooks/password_expirable.rb +2 -0
data/lib/devise-security/hooks/session_limitable.rb +21 -11
data/lib/devise-security/models/database_authenticatable_patch.rb +15 -5
data/lib/devise-security/models/password_archivable.rb +2 -2
data/lib/devise-security/models/password_expirable.rb +5 -1
data/lib/devise-security/models/secure_validatable.rb +56 -6
data/lib/devise-security/models/session_limitable.rb +10 -1
data/lib/devise-security/validators/password_complexity_validator.rb +53 -24
data/lib/devise-security/version.rb +1 -1
data/lib/devise-security.rb +13 -5
data/lib/generators/devise_security/install_generator.rb +3 -3
data/lib/generators/templates/{devise-security.rb → devise_security.rb} +6 -1
data/test/controllers/test_paranoid_verification_code_controller.rb +68 -0
data/test/controllers/test_password_expired_controller.rb +121 -19
data/test/controllers/test_security_question_controller.rb +16 -40
data/test/dummy/app/assets/config/manifest.js +3 -0
data/test/dummy/app/controllers/overrides/paranoid_verification_code_controller.rb +7 -0
data/test/dummy/app/controllers/overrides/password_expired_controller.rb +7 -0
data/test/dummy/app/controllers/widgets_controller.rb +3 -0
data/test/dummy/app/models/application_user_record.rb +2 -1
data/test/dummy/app/models/mongoid/confirmable_fields.rb +2 -0
data/test/dummy/app/models/mongoid/database_authenticable_fields.rb +4 -3
data/test/dummy/app/models/mongoid/expirable_fields.rb +2 -0
data/test/dummy/app/models/mongoid/lockable_fields.rb +2 -0
data/test/dummy/app/models/mongoid/mappings.rb +4 -2
data/test/dummy/app/models/mongoid/omniauthable_fields.rb +2 -0
data/test/dummy/app/models/mongoid/paranoid_verification_fields.rb +2 -0
data/test/dummy/app/models/mongoid/password_archivable_fields.rb +2 -0
data/test/dummy/app/models/mongoid/password_expirable_fields.rb +2 -0
data/test/dummy/app/models/mongoid/recoverable_fields.rb +2 -0
data/test/dummy/app/models/mongoid/registerable_fields.rb +4 -2
data/test/dummy/app/models/mongoid/rememberable_fields.rb +2 -0
data/test/dummy/app/models/mongoid/secure_validatable_fields.rb +2 -0
data/test/dummy/app/models/mongoid/security_questionable_fields.rb +2 -0
data/test/dummy/app/models/mongoid/session_limitable_fields.rb +2 -0
data/test/dummy/app/models/mongoid/timeoutable_fields.rb +2 -0
data/test/dummy/app/models/mongoid/trackable_fields.rb +2 -0
data/test/dummy/app/models/mongoid/validatable_fields.rb +2 -0
data/test/dummy/app/models/paranoid_verification_user.rb +26 -0
data/test/dummy/app/models/password_expired_user.rb +26 -0
data/test/dummy/app/models/user.rb +1 -2
data/test/dummy/app/models/widget.rb +1 -3
data/test/dummy/app/mongoid/one_user.rb +5 -5
data/test/dummy/app/mongoid/user_on_engine.rb +2 -2
data/test/dummy/app/mongoid/user_on_main_app.rb +2 -2
data/test/dummy/app/mongoid/user_with_validations.rb +3 -3
data/test/dummy/app/mongoid/user_without_email.rb +3 -3
data/test/dummy/config/application.rb +4 -4
data/test/dummy/config/boot.rb +1 -1
data/test/dummy/config/environment.rb +1 -1
data/test/dummy/config/environments/test.rb +3 -13
data/test/dummy/config/initializers/migration_class.rb +1 -8
data/test/dummy/config/locales/en.yml +10 -0
data/test/dummy/config/mongoid.yml +1 -1
data/test/dummy/config/routes.rb +5 -3
data/test/dummy/db/migrate/20120508165529_create_tables.rb +3 -3
data/test/dummy/lib/shared_expirable_columns.rb +1 -0
data/test/dummy/lib/shared_security_questions_fields.rb +1 -0
data/test/dummy/lib/shared_user.rb +17 -6
data/test/dummy/lib/shared_user_without_email.rb +2 -1
data/test/dummy/lib/shared_user_without_omniauth.rb +12 -3
data/test/dummy/lib/shared_verification_fields.rb +1 -0
data/test/dummy/{app/models/.gitkeep → log/development.log} +0 -0
data/test/dummy/log/test.log +101533 -0
data/test/integration/test_password_expirable_workflow.rb +53 -0
data/test/integration/test_session_limitable_workflow.rb +2 -0
data/test/orm/active_record.rb +7 -4
data/test/orm/mongoid.rb +2 -1
data/test/support/integration_helpers.rb +15 -33
data/test/support/mongoid.yml +1 -1
data/test/test_compatibility.rb +2 -0
data/test/test_complexity_validator.rb +250 -29
data/test/test_database_authenticatable_patch.rb +146 -0
data/test/test_helper.rb +12 -6
data/test/test_install_generator.rb +12 -2
data/test/test_paranoid_verification.rb +0 -1
data/test/test_password_archivable.rb +34 -11
data/test/test_password_expirable.rb +26 -26
data/test/test_secure_validatable.rb +292 -50
data/test/test_secure_validatable_overrides.rb +185 -0
data/test/test_session_limitable.rb +27 -1
data/test/tmp/config/initializers/devise_security.rb +49 -0
data/test/tmp/config/locales/devise.security_extension.by.yml +49 -0
data/test/tmp/config/locales/devise.security_extension.cs.yml +41 -0
data/test/tmp/config/locales/devise.security_extension.de.yml +41 -0
data/test/tmp/config/locales/devise.security_extension.en.yml +42 -0
data/test/tmp/config/locales/devise.security_extension.es.yml +30 -0
data/test/tmp/config/locales/devise.security_extension.fa.yml +41 -0
data/test/tmp/config/locales/devise.security_extension.fr.yml +30 -0
data/test/tmp/config/locales/devise.security_extension.hi.yml +42 -0
data/test/tmp/config/locales/devise.security_extension.it.yml +41 -0
data/test/tmp/config/locales/devise.security_extension.ja.yml +30 -0
data/test/tmp/config/locales/devise.security_extension.nl.yml +41 -0
data/test/tmp/config/locales/devise.security_extension.pt.yml +41 -0
data/test/tmp/config/locales/devise.security_extension.ru.yml +49 -0
data/test/tmp/config/locales/devise.security_extension.tr.yml +18 -0
data/test/tmp/config/locales/devise.security_extension.uk.yml +49 -0
data/test/tmp/config/locales/devise.security_extension.zh_CN.yml +41 -0
data/test/tmp/config/locales/devise.security_extension.zh_TW.yml +41 -0
metadata +168 -132
data/.codeclimate.yml +0 -63
data/.document +0 -5
data/.gitignore +0 -43
data/.mdlrc +0 -1
data/.rubocop.yml +0 -64
data/.ruby-version +0 -1
data/.travis.yml +0 -39
data/Appraisals +0 -35
data/Gemfile +0 -10
data/Rakefile +0 -27
data/devise-security.gemspec +0 -50
data/gemfiles/rails_4.2_stable.gemfile +0 -16
data/gemfiles/rails_5.0_stable.gemfile +0 -15
data/gemfiles/rails_5.1_stable.gemfile +0 -15
data/gemfiles/rails_5.2_stable.gemfile +0 -15
data/gemfiles/rails_6.0_beta.gemfile +0 -15
data/lib/devise-security/orm/active_record.rb +0 -20
data/lib/devise-security/schema.rb +0 -66
data/test/dummy/app/models/secure_user.rb +0 -9

data/.rubocop.yml DELETED Viewed

@@ -1,64 +0,0 @@
-AllCops:
-  TargetRubyVersion: 2.4
-  Include:
-    - '**/Rakefile'
-    - '**/config.ru'
-    - 'lib/tasks/**/*'
-  Exclude:
-    - Gemfile*
-    - README
-    - 'db/**/*'
-    - 'config/**/*'
-    - 'bin/**/*'
-    - 'vendor/bundle/**/*'
-    - 'spec/support/**/*' # rspec support helpers have a strange api
-Rails:
-  Enabled: true
-# We don't care about method length, since we check method cyclomatic
-# complexity.
-Metrics/MethodLength:
-  Enabled: false
-Metrics/LineLength:
-  Enabled: false
-Naming/FileName:
-  Exclude: ["devise-security.gemspec"]
-Style/ClassAndModuleChildren:
-  EnforcedStyle: compact
-  SupportedStyles:
-    - nested
-    - compact
-Style/HashSyntax:
-  EnforcedStyle: ruby19
-Style/SymbolArray:
-  EnforcedStyle: brackets
-# Trailing commas make for clearer diffs because the last line won't appear
-# to have been changed, as it would if it lacked a comma and had one added.
-Style/TrailingCommaInArrayLiteral:
-  EnforcedStyleForMultiline: comma
-Style/TrailingCommaInHashLiteral:
-  EnforcedStyleForMultiline: comma
-Style/TrailingCommaInArguments:
-  EnforcedStyleForMultiline: comma
-# Cop supports --auto-correct.
-# Configuration parameters: PreferredDelimiters.
-Style/PercentLiteralDelimiters:
-  PreferredDelimiters:
-    # Using `[]` for string arrays instead of `()`, since normal arrays are
-    # indicated with `[]` not `()`.
-    '%w': '[]'
-    '%W': '[]'
-Style/AndOr:
-  # Whether `and` and `or` are banned only in conditionals (conditionals)
-  # or completely (always).
-  # They read better, more like normal English.
-  Enabled: false

data/.ruby-version DELETED Viewed

	@@ -1 +0,0 @@
1	- 2.4.6

data/.travis.yml DELETED Viewed

@@ -1,39 +0,0 @@
-language: ruby
-dist: xenial
-before_install:
-  # install bundler < 2 because Rails 4.2 is incompatible with bundler >= 2
-  - gem install bundler -v '1.17.3'
-install: bundle _1.17.3_ install --jobs=2 --retry=2 --path=${BUNDLE_PATH:-vendor/bundle}
-cache: bundler
-script: bundle exec rake
-rvm:
-  - 2.4
-  - 2.5
-  - 2.6
-  - ruby-head
-env:
-  matrix:
-    - DEVISE_ORM=active_record
-    - DEVISE_ORM=mongoid
-services:
-  - mongodb
-matrix:
-  exclude:
-    # Skip these combinations because they have incompatible dependencies
-    # and will always fail.
-    - rvm: 2.6
-      gemfile: gemfiles/rails_4.2_stable.gemfile
-    - rvm: ruby-head
-      gemfile: gemfiles/rails_4.2_stable.gemfile
-    - rvm: 2.4
-      gemfile: gemfiles/rails_6.0_beta.gemfile
-  allow_failures:
-    # edge, not expected to pass
-    - rvm: ruby-head
-    - gemfile: gemfiles/rails_6.0_beta.gemfile
-gemfile:
-  - gemfiles/rails_4.2_stable.gemfile
-  - gemfiles/rails_5.0_stable.gemfile
-  - gemfiles/rails_5.1_stable.gemfile
-  - gemfiles/rails_5.2_stable.gemfile
-  - gemfiles/rails_6.0_beta.gemfile

data/Appraisals DELETED Viewed

@@ -1,35 +0,0 @@
-appraise 'rails-4.2-stable' do
-  gem 'rails', '~> 4.2.0'
-  gem 'bundler', '< 2'
-  group :mongoid do
-    gem "mongoid", "~> 4.0"
-  end
-end
-appraise 'rails-5.0-stable' do
-  gem 'rails', '~> 5.0.0'
-  group :mongoid do
-    gem "mongoid", "~> 6.0"
-  end
-end
-appraise 'rails-5.1-stable' do
-  gem 'rails', '~> 5.1.0'
-  group :mongoid do
-    gem "mongoid", "~> 6.0"
-  end
-end
-appraise 'rails-5.2-stable' do
-  gem 'rails', '~> 5.2.0'
-  group :mongoid do
-    gem "mongoid", "~> 6.0"
-  end
-end
-appraise 'rails-6.0-beta' do
-  gem 'rails', '~> 6.0.0.beta3'
-  group :mongoid do
-    gem "mongoid", "~> 6.0"
-  end
-end

data/Gemfile DELETED Viewed

@@ -1,10 +0,0 @@
-source "https://rubygems.org"
-gemspec
-group :active_record do
-  gem 'sqlite3', '~> 1.3.0'
-end
-group :mongoid do
-  gem 'mongoid'
-end

data/Rakefile DELETED Viewed

@@ -1,27 +0,0 @@
-# frozen_string_literal: true
-$LOAD_PATH.unshift File.join(File.dirname(__FILE__), 'lib')
-require 'bundler/gem_tasks'
-require 'rake/testtask'
-require 'rdoc/task'
-require 'devise-security/version'
-desc 'Default: Run DeviseSecurity unit tests'
-task default: :test
-Rake::TestTask.new(:test) do |t|
-  t.libs << 'lib'
-  t.libs << 'test'
-  t.test_files = FileList['test/*test*.rb', 'test/**/*test*.rb']
-  t.verbose = true
-  t.warning = false
-end
-Rake::RDocTask.new do |rdoc|
-  version = DeviseSecurity::VERSION.dup
-  rdoc.rdoc_dir = 'rdoc'
-  rdoc.title = "devise-security #{version}"
-  rdoc.rdoc_files.include('README*')
-  rdoc.rdoc_files.include('lib/**/*.rb')
-end

data/devise-security.gemspec DELETED Viewed

@@ -1,50 +0,0 @@
-# -*- encoding: utf-8 -*-
-# frozen_string_literal: true
-$LOAD_PATH.push File.expand_path('../lib', __FILE__)
-require 'devise-security/version'
-Gem::Specification.new do |s|
-  s.name        = 'devise-security'
-  s.version     = DeviseSecurity::VERSION.dup
-  s.platform    = Gem::Platform::RUBY
-  s.licenses    = ['MIT']
-  s.summary     = 'Security extension for devise'
-  s.email       = 'natebird@gmail.com'
-  s.homepage    = 'https://github.com/devise-security/devise-security'
-  s.description = 'An enterprise security extension for devise.'
-  s.authors     = [
-    'Marco Scholl',
-    'Alexander Dreher',
-    'Nate Bird',
-    'Dillon Welch',
-    'Kevin Olbrich'
-  ]
-  s.files         = `git ls-files`.split("\n")
-  s.test_files    = `git ls-files -- test/*`.split("\n")
-  s.require_paths = ['lib']
-  s.required_ruby_version = '>= 2.3.0'
-  if RUBY_VERSION >= '2.4'
-    s.add_runtime_dependency 'rails', '>= 4.2.0', '< 7.0'
-  else
-    s.add_runtime_dependency 'railties', '>= 4.2.0', '< 6.0'
-  end
-  s.add_runtime_dependency 'devise', '>= 4.3.0', '< 5.0'
-  s.add_development_dependency 'appraisal'
-  s.add_development_dependency 'bundler'
-  s.add_development_dependency 'coveralls'
-  s.add_development_dependency 'database_cleaner'
-  s.add_development_dependency 'easy_captcha'
-  s.add_development_dependency 'm'
-  s.add_development_dependency 'minitest'
-  s.add_development_dependency 'omniauth'
-  s.add_development_dependency 'pry-byebug'
-  s.add_development_dependency 'pry-rescue'
-  s.add_development_dependency 'rails_email_validator'
-  s.add_development_dependency 'rubocop', '~> 0.66.0'
-  s.add_development_dependency 'sqlite3'
-  s.add_development_dependency 'wwtd'
-end

data/gemfiles/rails_4.2_stable.gemfile DELETED Viewed

@@ -1,16 +0,0 @@
-# This file was generated by Appraisal
-source "https://rubygems.org"
-gem "rails", "~> 4.2.0"
-gem "bundler", "< 2"
-group :active_record do
-  gem "sqlite3", "~> 1.3.0"
-end
-group :mongoid do
-  gem "mongoid", "~> 4.0"
-end
-gemspec path: "../"

data/gemfiles/rails_5.0_stable.gemfile DELETED Viewed

@@ -1,15 +0,0 @@
-# This file was generated by Appraisal
-source "https://rubygems.org"
-gem "rails", "~> 5.0.0"
-group :active_record do
-  gem "sqlite3", "~> 1.3.0"
-end
-group :mongoid do
-  gem "mongoid", "~> 6.0"
-end
-gemspec path: "../"

data/gemfiles/rails_5.1_stable.gemfile DELETED Viewed

@@ -1,15 +0,0 @@
-# This file was generated by Appraisal
-source "https://rubygems.org"
-gem "rails", "~> 5.1.0"
-group :active_record do
-  gem "sqlite3", "~> 1.3.0"
-end
-group :mongoid do
-  gem "mongoid", "~> 6.0"
-end
-gemspec path: "../"

data/gemfiles/rails_5.2_stable.gemfile DELETED Viewed

@@ -1,15 +0,0 @@
-# This file was generated by Appraisal
-source "https://rubygems.org"
-gem "rails", "~> 5.2.0"
-group :active_record do
-  gem "sqlite3", "~> 1.3.0"
-end
-group :mongoid do
-  gem "mongoid", "~> 6.0"
-end
-gemspec path: "../"

data/gemfiles/rails_6.0_beta.gemfile DELETED Viewed

@@ -1,15 +0,0 @@
-# This file was generated by Appraisal
-source "https://rubygems.org"
-gem "rails", "~> 6.0.0.rc1"
-group :active_record do
-  gem "sqlite3", "~> 1.3.0"
-end
-group :mongoid do
-  gem "mongoid", "~> 6.0"
-end
-gemspec path: "../"

data/lib/devise-security/orm/active_record.rb DELETED Viewed

@@ -1,20 +0,0 @@
-# frozen_string_literal: true
-module DeviseSecurity
-  module Orm
-    # This module contains some helpers and handle schema (migrations):
-    #
-    #   create_table :accounts do |t|
-    #     t.password_expirable
-    #   end
-    #
-    module ActiveRecord
-      module Schema
-        include DeviseSecurity::Schema
-      end
-    end
-  end
-end
-ActiveRecord::ConnectionAdapters::Table.send :include, DeviseSecurity::Orm::ActiveRecord::Schema
-ActiveRecord::ConnectionAdapters::TableDefinition.send :include, DeviseSecurity::Orm::ActiveRecord::Schema

data/lib/devise-security/schema.rb DELETED Viewed

@@ -1,66 +0,0 @@
-# frozen_string_literal: true
-module DeviseSecurity
-  # add schema helper for migrations
-  module Schema
-    # Add password_changed_at columns in the resource's database table.
-    #
-    # Examples
-    #
-    # # For a new resource migration:
-    # create_table :the_resources do |t|
-    #   t.password_expirable
-    # ...
-    # end
-    #
-    # # or if the resource's table already exists, define a migration and put this in:
-    # change_table :the_resources do |t|
-    #   t.datetime :password_changed_at
-    # end
-    #
-    def password_expirable
-      apply_devise_schema :password_changed_at, DateTime
-    end
-    # Add password_archivable columns
-    #
-    # Examples
-    #
-    # create_table :old_passwords do
-    #   t.password_archivable
-    # end
-    # add_index :old_passwords, [:password_archivable_type, :password_archivable_id], name: 'index_password_archivable'
-    #
-    def password_archivable
-      apply_devise_schema :encrypted_password, String, limit: 128, null: false
-      apply_devise_schema :password_salt, String
-      apply_devise_schema :password_archivable_id, Integer, null: false
-      apply_devise_schema :password_archivable_type, String, null: false
-      apply_devise_schema :created_at, DateTime
-    end
-    # Add session_limitable columns in the resource's database table.
-    #
-    # Examples
-    #
-    # # For a new resource migration:
-    # create_table :the_resources do |t|
-    #   t.session_limitable
-    # ...
-    # end
-    #
-    # # or if the resource's table already exists, define a migration and put this in:
-    # change_table :the_resources do |t|
-    #   t.string :unique_session_id, limit: 20
-    # end
-    #
-    def session_limitable
-      apply_devise_schema :unique_session_id, String, limit: 20
-    end
-    def expirable
-      apply_devise_schema :expired_at, DateTime
-      apply_devise_schema :last_activity_at, DateTime
-    end
-  end
-end

data/test/dummy/app/models/secure_user.rb DELETED Viewed

@@ -1,9 +0,0 @@
-# frozen_string_literal: true
-class SecureUser < ApplicationUserRecord
-  devise :database_authenticatable, :secure_validatable, email_validation: false
-  if DEVISE_ORM == :mongoid
-    require './test/dummy/app/models/mongoid/mappings'
-    include ::Mongoid::Mappings
-  end
-end