devise-security 0.15.0 → 0.18.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (145) hide show
  1. checksums.yaml +4 -4
  2. data/LICENSE.txt +3 -1
  3. data/README.md +43 -24
  4. data/app/controllers/devise/paranoid_verification_code_controller.rb +26 -12
  5. data/app/controllers/devise/password_expired_controller.rb +23 -10
  6. data/config/locales/bg.yml +42 -0
  7. data/config/locales/by.yml +2 -0
  8. data/config/locales/cs.yml +6 -0
  9. data/config/locales/de.yml +4 -0
  10. data/config/locales/en.yml +3 -1
  11. data/config/locales/es.yml +13 -0
  12. data/config/locales/fa.yml +2 -0
  13. data/config/locales/fr.yml +15 -2
  14. data/config/locales/hi.yml +22 -20
  15. data/config/locales/it.yml +2 -0
  16. data/config/locales/ja.yml +13 -0
  17. data/config/locales/nl.yml +2 -0
  18. data/config/locales/pt.yml +2 -0
  19. data/config/locales/ru.yml +2 -0
  20. data/config/locales/tr.yml +26 -1
  21. data/config/locales/uk.yml +2 -0
  22. data/config/locales/zh_CN.yml +2 -0
  23. data/config/locales/zh_TW.yml +2 -0
  24. data/lib/devise-security/controllers/helpers.rb +25 -13
  25. data/lib/devise-security/hooks/expirable.rb +3 -3
  26. data/lib/devise-security/hooks/paranoid_verification.rb +1 -3
  27. data/lib/devise-security/hooks/password_expirable.rb +1 -3
  28. data/lib/devise-security/hooks/session_limitable.rb +10 -6
  29. data/lib/devise-security/models/compatibility/active_record_patch.rb +4 -3
  30. data/lib/devise-security/models/compatibility/mongoid_patch.rb +3 -2
  31. data/lib/devise-security/models/database_authenticatable_patch.rb +18 -10
  32. data/lib/devise-security/models/expirable.rb +6 -5
  33. data/lib/devise-security/models/paranoid_verification.rb +2 -2
  34. data/lib/devise-security/models/password_archivable.rb +3 -3
  35. data/lib/devise-security/models/secure_validatable.rb +62 -11
  36. data/lib/devise-security/orm/mongoid.rb +1 -1
  37. data/lib/devise-security/patches.rb +14 -8
  38. data/lib/devise-security/routes.rb +2 -3
  39. data/lib/devise-security/validators/password_complexity_validator.rb +53 -26
  40. data/lib/devise-security/version.rb +1 -1
  41. data/lib/devise-security.rb +15 -6
  42. data/lib/generators/devise_security/install_generator.rb +4 -6
  43. data/{test/tmp/config/initializers/devise-security.rb → lib/generators/templates/devise_security.rb} +9 -1
  44. data/test/controllers/test_paranoid_verification_code_controller.rb +133 -0
  45. data/test/controllers/test_password_expired_controller.rb +122 -99
  46. data/test/controllers/test_security_question_controller.rb +19 -37
  47. data/test/dummy/app/controllers/overrides/paranoid_verification_code_controller.rb +7 -0
  48. data/test/dummy/app/controllers/overrides/password_expired_controller.rb +17 -0
  49. data/test/dummy/app/controllers/widgets_controller.rb +3 -0
  50. data/test/dummy/app/models/application_user_record.rb +2 -1
  51. data/test/dummy/app/models/mongoid/confirmable_fields.rb +2 -0
  52. data/test/dummy/app/models/mongoid/database_authenticable_fields.rb +4 -3
  53. data/test/dummy/app/models/mongoid/expirable_fields.rb +2 -0
  54. data/test/dummy/app/models/mongoid/lockable_fields.rb +2 -0
  55. data/test/dummy/app/models/mongoid/mappings.rb +4 -2
  56. data/test/dummy/app/models/mongoid/omniauthable_fields.rb +2 -0
  57. data/test/dummy/app/models/mongoid/paranoid_verification_fields.rb +2 -0
  58. data/test/dummy/app/models/mongoid/password_archivable_fields.rb +2 -0
  59. data/test/dummy/app/models/mongoid/password_expirable_fields.rb +2 -0
  60. data/test/dummy/app/models/mongoid/recoverable_fields.rb +2 -0
  61. data/test/dummy/app/models/mongoid/registerable_fields.rb +4 -2
  62. data/test/dummy/app/models/mongoid/rememberable_fields.rb +2 -0
  63. data/test/dummy/app/models/mongoid/secure_validatable_fields.rb +2 -0
  64. data/test/dummy/app/models/mongoid/security_questionable_fields.rb +2 -0
  65. data/test/dummy/app/models/mongoid/session_limitable_fields.rb +2 -0
  66. data/test/dummy/app/models/mongoid/timeoutable_fields.rb +2 -0
  67. data/test/dummy/app/models/mongoid/trackable_fields.rb +2 -0
  68. data/test/dummy/app/models/mongoid/validatable_fields.rb +2 -0
  69. data/test/dummy/app/models/paranoid_verification_user.rb +26 -0
  70. data/test/dummy/app/models/password_expired_user.rb +26 -0
  71. data/test/dummy/app/models/user.rb +5 -5
  72. data/test/dummy/app/models/widget.rb +1 -3
  73. data/test/dummy/app/mongoid/one_user.rb +5 -5
  74. data/test/dummy/app/mongoid/user_on_engine.rb +2 -2
  75. data/test/dummy/app/mongoid/user_on_main_app.rb +2 -2
  76. data/test/dummy/app/mongoid/user_with_validations.rb +3 -3
  77. data/test/dummy/app/mongoid/user_without_email.rb +7 -4
  78. data/test/dummy/config/application.rb +3 -7
  79. data/test/dummy/config/boot.rb +1 -1
  80. data/test/dummy/config/environment.rb +1 -1
  81. data/test/dummy/config/environments/test.rb +4 -13
  82. data/test/dummy/config/initializers/devise.rb +1 -5
  83. data/test/dummy/config/initializers/migration_class.rb +1 -8
  84. data/test/dummy/config/locales/en.yml +10 -0
  85. data/test/dummy/config/mongoid.yml +1 -1
  86. data/test/dummy/config/routes.rb +3 -1
  87. data/test/dummy/config.ru +1 -1
  88. data/test/dummy/db/migrate/20120508165529_create_tables.rb +5 -5
  89. data/test/dummy/lib/shared_expirable_columns.rb +1 -0
  90. data/test/dummy/lib/shared_security_questions_fields.rb +1 -0
  91. data/test/dummy/lib/shared_user.rb +17 -6
  92. data/test/dummy/lib/shared_user_without_omniauth.rb +12 -3
  93. data/test/dummy/lib/shared_verification_fields.rb +1 -0
  94. data/test/dummy/log/test.log +44592 -1151
  95. data/test/i18n_test.rb +22 -0
  96. data/test/integration/test_paranoid_verification_code_workflow.rb +53 -0
  97. data/test/integration/test_password_expirable_workflow.rb +2 -6
  98. data/test/integration/test_session_limitable_workflow.rb +5 -3
  99. data/test/orm/active_record.rb +7 -7
  100. data/test/orm/mongoid.rb +2 -1
  101. data/test/support/integration_helpers.rb +10 -22
  102. data/test/support/mongoid.yml +1 -1
  103. data/test/test_compatibility.rb +2 -0
  104. data/test/test_complexity_validator.rb +247 -37
  105. data/test/test_database_authenticatable_patch.rb +146 -0
  106. data/test/test_helper.rb +11 -12
  107. data/test/test_install_generator.rb +2 -2
  108. data/test/test_paranoid_verification.rb +8 -9
  109. data/test/test_password_archivable.rb +34 -11
  110. data/test/test_password_expirable.rb +27 -27
  111. data/test/test_secure_validatable.rb +284 -50
  112. data/test/test_secure_validatable_overrides.rb +185 -0
  113. data/test/test_session_limitable.rb +9 -9
  114. data/{lib/generators/templates/devise-security.rb → test/tmp/config/initializers/devise_security.rb} +9 -1
  115. data/test/tmp/config/locales/devise.security_extension.by.yml +50 -0
  116. data/test/tmp/config/locales/devise.security_extension.cs.yml +46 -0
  117. data/test/tmp/config/locales/devise.security_extension.de.yml +4 -0
  118. data/test/tmp/config/locales/devise.security_extension.en.yml +3 -1
  119. data/test/tmp/config/locales/devise.security_extension.es.yml +22 -9
  120. data/test/tmp/config/locales/devise.security_extension.fa.yml +2 -0
  121. data/test/tmp/config/locales/devise.security_extension.fr.yml +15 -2
  122. data/test/tmp/config/locales/devise.security_extension.hi.yml +43 -0
  123. data/test/tmp/config/locales/devise.security_extension.it.yml +2 -0
  124. data/test/tmp/config/locales/devise.security_extension.ja.yml +13 -0
  125. data/test/tmp/config/locales/devise.security_extension.nl.yml +2 -0
  126. data/test/tmp/config/locales/devise.security_extension.pt.yml +2 -0
  127. data/test/tmp/config/locales/devise.security_extension.ru.yml +2 -0
  128. data/test/tmp/config/locales/devise.security_extension.tr.yml +26 -1
  129. data/test/tmp/config/locales/devise.security_extension.uk.yml +2 -0
  130. data/test/tmp/config/locales/devise.security_extension.zh_CN.yml +2 -0
  131. data/test/tmp/config/locales/devise.security_extension.zh_TW.yml +42 -0
  132. metadata +65 -45
  133. data/lib/devise-security/orm/active_record.rb +0 -20
  134. data/lib/devise-security/patches/confirmations_controller_captcha.rb +0 -23
  135. data/lib/devise-security/patches/confirmations_controller_security_question.rb +0 -26
  136. data/lib/devise-security/patches/passwords_controller_captcha.rb +0 -22
  137. data/lib/devise-security/patches/passwords_controller_security_question.rb +0 -25
  138. data/lib/devise-security/patches/registrations_controller_captcha.rb +0 -35
  139. data/lib/devise-security/patches/sessions_controller_captcha.rb +0 -26
  140. data/lib/devise-security/patches/unlocks_controller_captcha.rb +0 -22
  141. data/lib/devise-security/patches/unlocks_controller_security_question.rb +0 -25
  142. data/lib/devise-security/schema.rb +0 -66
  143. data/test/dummy/app/controllers/foos_controller.rb +0 -0
  144. data/test/dummy/app/models/secure_user.rb +0 -9
  145. data/test/dummy/lib/shared_user_without_email.rb +0 -28
metadata CHANGED
@@ -1,18 +1,18 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: devise-security
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.15.0
4
+ version: 0.18.0
5
5
  platform: ruby
6
6
  authors:
7
- - Marco Scholl
8
7
  - Alexander Dreher
9
- - Nate Bird
10
8
  - Dillon Welch
11
9
  - Kevin Olbrich
10
+ - Marco Scholl
11
+ - Nate Bird
12
12
  autorequire:
13
13
  bindir: bin
14
14
  cert_chain: []
15
- date: 2021-01-13 00:00:00.000000000 Z
15
+ date: 2023-04-15 00:00:00.000000000 Z
16
16
  dependencies:
17
17
  - !ruby/object:Gem::Dependency
18
18
  name: devise
@@ -21,9 +21,6 @@ dependencies:
21
21
  - - ">="
22
22
  - !ruby/object:Gem::Version
23
23
  version: 4.3.0
24
- - - "<"
25
- - !ruby/object:Gem::Version
26
- version: '5.0'
27
24
  type: :runtime
28
25
  prerelease: false
29
26
  version_requirements: !ruby/object:Gem::Requirement
@@ -31,9 +28,6 @@ dependencies:
31
28
  - - ">="
32
29
  - !ruby/object:Gem::Version
33
30
  version: 4.3.0
34
- - - "<"
35
- - !ruby/object:Gem::Version
36
- version: '5.0'
37
31
  - !ruby/object:Gem::Dependency
38
32
  name: appraisal
39
33
  requirement: !ruby/object:Gem::Requirement
@@ -62,6 +56,20 @@ dependencies:
62
56
  - - ">="
63
57
  - !ruby/object:Gem::Version
64
58
  version: '0'
59
+ - !ruby/object:Gem::Dependency
60
+ name: byebug
61
+ requirement: !ruby/object:Gem::Requirement
62
+ requirements:
63
+ - - ">="
64
+ - !ruby/object:Gem::Version
65
+ version: '0'
66
+ type: :development
67
+ prerelease: false
68
+ version_requirements: !ruby/object:Gem::Requirement
69
+ requirements:
70
+ - - ">="
71
+ - !ruby/object:Gem::Version
72
+ version: '0'
65
73
  - !ruby/object:Gem::Dependency
66
74
  name: database_cleaner
67
75
  requirement: !ruby/object:Gem::Requirement
@@ -91,7 +99,7 @@ dependencies:
91
99
  - !ruby/object:Gem::Version
92
100
  version: '0'
93
101
  - !ruby/object:Gem::Dependency
94
- name: m
102
+ name: i18n-tasks
95
103
  requirement: !ruby/object:Gem::Requirement
96
104
  requirements:
97
105
  - - ">="
@@ -105,7 +113,7 @@ dependencies:
105
113
  - !ruby/object:Gem::Version
106
114
  version: '0'
107
115
  - !ruby/object:Gem::Dependency
108
- name: minitest
116
+ name: m
109
117
  requirement: !ruby/object:Gem::Requirement
110
118
  requirements:
111
119
  - - ">="
@@ -119,7 +127,7 @@ dependencies:
119
127
  - !ruby/object:Gem::Version
120
128
  version: '0'
121
129
  - !ruby/object:Gem::Dependency
122
- name: omniauth
130
+ name: minitest
123
131
  requirement: !ruby/object:Gem::Requirement
124
132
  requirements:
125
133
  - - ">="
@@ -133,7 +141,7 @@ dependencies:
133
141
  - !ruby/object:Gem::Version
134
142
  version: '0'
135
143
  - !ruby/object:Gem::Dependency
136
- name: pry-byebug
144
+ name: omniauth
137
145
  requirement: !ruby/object:Gem::Requirement
138
146
  requirements:
139
147
  - - ">="
@@ -178,18 +186,18 @@ dependencies:
178
186
  name: rubocop
179
187
  requirement: !ruby/object:Gem::Requirement
180
188
  requirements:
181
- - - "~>"
189
+ - - ">="
182
190
  - !ruby/object:Gem::Version
183
- version: 0.80.0
191
+ version: '0'
184
192
  type: :development
185
193
  prerelease: false
186
194
  version_requirements: !ruby/object:Gem::Requirement
187
195
  requirements:
188
- - - "~>"
196
+ - - ">="
189
197
  - !ruby/object:Gem::Version
190
- version: 0.80.0
198
+ version: '0'
191
199
  - !ruby/object:Gem::Dependency
192
- name: rubocop-rails
200
+ name: rubocop-minitest
193
201
  requirement: !ruby/object:Gem::Requirement
194
202
  requirements:
195
203
  - - ">="
@@ -203,7 +211,7 @@ dependencies:
203
211
  - !ruby/object:Gem::Version
204
212
  version: '0'
205
213
  - !ruby/object:Gem::Dependency
206
- name: simplecov-lcov
214
+ name: rubocop-rails
207
215
  requirement: !ruby/object:Gem::Requirement
208
216
  requirements:
209
217
  - - ">="
@@ -217,7 +225,7 @@ dependencies:
217
225
  - !ruby/object:Gem::Version
218
226
  version: '0'
219
227
  - !ruby/object:Gem::Dependency
220
- name: solargraph
228
+ name: simplecov-lcov
221
229
  requirement: !ruby/object:Gem::Requirement
222
230
  requirements:
223
231
  - - ">="
@@ -231,7 +239,7 @@ dependencies:
231
239
  - !ruby/object:Gem::Version
232
240
  version: '0'
233
241
  - !ruby/object:Gem::Dependency
234
- name: sqlite3
242
+ name: solargraph
235
243
  requirement: !ruby/object:Gem::Requirement
236
244
  requirements:
237
245
  - - ">="
@@ -245,7 +253,7 @@ dependencies:
245
253
  - !ruby/object:Gem::Version
246
254
  version: '0'
247
255
  - !ruby/object:Gem::Dependency
248
- name: wwtd
256
+ name: solargraph-arc
249
257
  requirement: !ruby/object:Gem::Requirement
250
258
  requirements:
251
259
  - - ">="
@@ -270,6 +278,7 @@ files:
270
278
  - app/controllers/devise/password_expired_controller.rb
271
279
  - app/views/devise/paranoid_verification_code/show.html.erb
272
280
  - app/views/devise/password_expired/show.html.erb
281
+ - config/locales/bg.yml
273
282
  - config/locales/by.yml
274
283
  - config/locales/cs.yml
275
284
  - config/locales/de.yml
@@ -306,34 +315,26 @@ files:
306
315
  - lib/devise-security/models/secure_validatable.rb
307
316
  - lib/devise-security/models/security_questionable.rb
308
317
  - lib/devise-security/models/session_limitable.rb
309
- - lib/devise-security/orm/active_record.rb
310
318
  - lib/devise-security/orm/mongoid.rb
311
319
  - lib/devise-security/patches.rb
312
- - lib/devise-security/patches/confirmations_controller_captcha.rb
313
- - lib/devise-security/patches/confirmations_controller_security_question.rb
314
320
  - lib/devise-security/patches/controller_captcha.rb
315
321
  - lib/devise-security/patches/controller_security_question.rb
316
- - lib/devise-security/patches/passwords_controller_captcha.rb
317
- - lib/devise-security/patches/passwords_controller_security_question.rb
318
- - lib/devise-security/patches/registrations_controller_captcha.rb
319
- - lib/devise-security/patches/sessions_controller_captcha.rb
320
- - lib/devise-security/patches/unlocks_controller_captcha.rb
321
- - lib/devise-security/patches/unlocks_controller_security_question.rb
322
322
  - lib/devise-security/rails.rb
323
323
  - lib/devise-security/routes.rb
324
- - lib/devise-security/schema.rb
325
324
  - lib/devise-security/validators/password_complexity_validator.rb
326
325
  - lib/devise-security/version.rb
327
326
  - lib/generators/devise_security/install_generator.rb
328
- - lib/generators/templates/devise-security.rb
327
+ - lib/generators/templates/devise_security.rb
329
328
  - test/controllers/test_captcha_controller.rb
329
+ - test/controllers/test_paranoid_verification_code_controller.rb
330
330
  - test/controllers/test_password_expired_controller.rb
331
331
  - test/controllers/test_security_question_controller.rb
332
332
  - test/dummy/Rakefile
333
333
  - test/dummy/app/assets/config/manifest.js
334
334
  - test/dummy/app/controllers/application_controller.rb
335
335
  - test/dummy/app/controllers/captcha/sessions_controller.rb
336
- - test/dummy/app/controllers/foos_controller.rb
336
+ - test/dummy/app/controllers/overrides/paranoid_verification_code_controller.rb
337
+ - test/dummy/app/controllers/overrides/password_expired_controller.rb
337
338
  - test/dummy/app/controllers/security_question/unlocks_controller.rb
338
339
  - test/dummy/app/controllers/widgets_controller.rb
339
340
  - test/dummy/app/models/application_record.rb
@@ -357,7 +358,8 @@ files:
357
358
  - test/dummy/app/models/mongoid/timeoutable_fields.rb
358
359
  - test/dummy/app/models/mongoid/trackable_fields.rb
359
360
  - test/dummy/app/models/mongoid/validatable_fields.rb
360
- - test/dummy/app/models/secure_user.rb
361
+ - test/dummy/app/models/paranoid_verification_user.rb
362
+ - test/dummy/app/models/password_expired_user.rb
361
363
  - test/dummy/app/models/security_question_user.rb
362
364
  - test/dummy/app/models/user.rb
363
365
  - test/dummy/app/models/widget.rb
@@ -377,6 +379,7 @@ files:
377
379
  - test/dummy/config/environments/test.rb
378
380
  - test/dummy/config/initializers/devise.rb
379
381
  - test/dummy/config/initializers/migration_class.rb
382
+ - test/dummy/config/locales/en.yml
380
383
  - test/dummy/config/mongoid.yml
381
384
  - test/dummy/config/routes.rb
382
385
  - test/dummy/config/secrets.yml
@@ -393,10 +396,11 @@ files:
393
396
  - test/dummy/lib/shared_security_questions_fields.rb
394
397
  - test/dummy/lib/shared_user.rb
395
398
  - test/dummy/lib/shared_user_with_password_verification.rb
396
- - test/dummy/lib/shared_user_without_email.rb
397
399
  - test/dummy/lib/shared_user_without_omniauth.rb
398
400
  - test/dummy/lib/shared_verification_fields.rb
399
401
  - test/dummy/log/test.log
402
+ - test/i18n_test.rb
403
+ - test/integration/test_paranoid_verification_code_workflow.rb
400
404
  - test/integration/test_password_expirable_workflow.rb
401
405
  - test/integration/test_session_limitable_workflow.rb
402
406
  - test/orm/active_record.rb
@@ -405,19 +409,24 @@ files:
405
409
  - test/support/mongoid.yml
406
410
  - test/test_compatibility.rb
407
411
  - test/test_complexity_validator.rb
412
+ - test/test_database_authenticatable_patch.rb
408
413
  - test/test_helper.rb
409
414
  - test/test_install_generator.rb
410
415
  - test/test_paranoid_verification.rb
411
416
  - test/test_password_archivable.rb
412
417
  - test/test_password_expirable.rb
413
418
  - test/test_secure_validatable.rb
419
+ - test/test_secure_validatable_overrides.rb
414
420
  - test/test_session_limitable.rb
415
- - test/tmp/config/initializers/devise-security.rb
421
+ - test/tmp/config/initializers/devise_security.rb
422
+ - test/tmp/config/locales/devise.security_extension.by.yml
423
+ - test/tmp/config/locales/devise.security_extension.cs.yml
416
424
  - test/tmp/config/locales/devise.security_extension.de.yml
417
425
  - test/tmp/config/locales/devise.security_extension.en.yml
418
426
  - test/tmp/config/locales/devise.security_extension.es.yml
419
427
  - test/tmp/config/locales/devise.security_extension.fa.yml
420
428
  - test/tmp/config/locales/devise.security_extension.fr.yml
429
+ - test/tmp/config/locales/devise.security_extension.hi.yml
421
430
  - test/tmp/config/locales/devise.security_extension.it.yml
422
431
  - test/tmp/config/locales/devise.security_extension.ja.yml
423
432
  - test/tmp/config/locales/devise.security_extension.nl.yml
@@ -426,12 +435,12 @@ files:
426
435
  - test/tmp/config/locales/devise.security_extension.tr.yml
427
436
  - test/tmp/config/locales/devise.security_extension.uk.yml
428
437
  - test/tmp/config/locales/devise.security_extension.zh_CN.yml
438
+ - test/tmp/config/locales/devise.security_extension.zh_TW.yml
429
439
  homepage: https://github.com/devise-security/devise-security
430
440
  licenses:
431
441
  - MIT
432
442
  metadata: {}
433
- post_install_message: 'WARNING: devise-security will drop support for Rails 4.2 in
434
- version 0.16.0'
443
+ post_install_message:
435
444
  rdoc_options: []
436
445
  require_paths:
437
446
  - lib
@@ -446,7 +455,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
446
455
  - !ruby/object:Gem::Version
447
456
  version: '0'
448
457
  requirements: []
449
- rubygems_version: 3.0.8
458
+ rubygems_version: 3.1.6
450
459
  signing_key:
451
460
  specification_version: 4
452
461
  summary: Security extension for devise
@@ -479,14 +488,16 @@ test_files:
479
488
  - test/dummy/app/models/mongoid/omniauthable_fields.rb
480
489
  - test/dummy/app/models/security_question_user.rb
481
490
  - test/dummy/app/models/application_user_record.rb
482
- - test/dummy/app/models/secure_user.rb
483
491
  - test/dummy/app/models/widget.rb
492
+ - test/dummy/app/models/password_expired_user.rb
493
+ - test/dummy/app/models/paranoid_verification_user.rb
484
494
  - test/dummy/app/models/application_record.rb
485
495
  - test/dummy/app/models/captcha_user.rb
486
496
  - test/dummy/app/models/user.rb
497
+ - test/dummy/app/controllers/overrides/password_expired_controller.rb
498
+ - test/dummy/app/controllers/overrides/paranoid_verification_code_controller.rb
487
499
  - test/dummy/app/controllers/application_controller.rb
488
500
  - test/dummy/app/controllers/captcha/sessions_controller.rb
489
- - test/dummy/app/controllers/foos_controller.rb
490
501
  - test/dummy/app/controllers/widgets_controller.rb
491
502
  - test/dummy/app/controllers/security_question/unlocks_controller.rb
492
503
  - test/dummy/app/views/foos/index.html.erb
@@ -494,6 +505,7 @@ test_files:
494
505
  - test/dummy/config/secrets.yml
495
506
  - test/dummy/config/routes.rb
496
507
  - test/dummy/config/mongoid.yml
508
+ - test/dummy/config/locales/en.yml
497
509
  - test/dummy/config/environments/test.rb
498
510
  - test/dummy/config/environment.rb
499
511
  - test/dummy/config/application.rb
@@ -505,7 +517,6 @@ test_files:
505
517
  - test/dummy/Rakefile
506
518
  - test/dummy/lib/shared_verification_fields.rb
507
519
  - test/dummy/lib/shared_user.rb
508
- - test/dummy/lib/shared_user_without_email.rb
509
520
  - test/dummy/lib/shared_user_without_omniauth.rb
510
521
  - test/dummy/lib/shared_user_with_password_verification.rb
511
522
  - test/dummy/lib/shared_expirable_columns.rb
@@ -521,9 +532,13 @@ test_files:
521
532
  - test/dummy/db/migrate/20180318105329_add_confirmable_columns.rb
522
533
  - test/dummy/log/test.log
523
534
  - test/test_install_generator.rb
535
+ - test/test_secure_validatable_overrides.rb
536
+ - test/i18n_test.rb
524
537
  - test/test_paranoid_verification.rb
525
538
  - test/integration/test_session_limitable_workflow.rb
526
539
  - test/integration/test_password_expirable_workflow.rb
540
+ - test/integration/test_paranoid_verification_code_workflow.rb
541
+ - test/test_database_authenticatable_patch.rb
527
542
  - test/test_secure_validatable.rb
528
543
  - test/test_session_limitable.rb
529
544
  - test/support/mongoid.yml
@@ -534,13 +549,16 @@ test_files:
534
549
  - test/test_compatibility.rb
535
550
  - test/test_password_expirable.rb
536
551
  - test/controllers/test_security_question_controller.rb
552
+ - test/controllers/test_paranoid_verification_code_controller.rb
537
553
  - test/controllers/test_captcha_controller.rb
538
554
  - test/controllers/test_password_expired_controller.rb
555
+ - test/tmp/config/locales/devise.security_extension.by.yml
539
556
  - test/tmp/config/locales/devise.security_extension.nl.yml
540
557
  - test/tmp/config/locales/devise.security_extension.tr.yml
541
558
  - test/tmp/config/locales/devise.security_extension.ru.yml
542
559
  - test/tmp/config/locales/devise.security_extension.fr.yml
543
560
  - test/tmp/config/locales/devise.security_extension.fa.yml
561
+ - test/tmp/config/locales/devise.security_extension.hi.yml
544
562
  - test/tmp/config/locales/devise.security_extension.ja.yml
545
563
  - test/tmp/config/locales/devise.security_extension.en.yml
546
564
  - test/tmp/config/locales/devise.security_extension.pt.yml
@@ -549,5 +567,7 @@ test_files:
549
567
  - test/tmp/config/locales/devise.security_extension.es.yml
550
568
  - test/tmp/config/locales/devise.security_extension.zh_CN.yml
551
569
  - test/tmp/config/locales/devise.security_extension.uk.yml
552
- - test/tmp/config/initializers/devise-security.rb
570
+ - test/tmp/config/locales/devise.security_extension.zh_TW.yml
571
+ - test/tmp/config/locales/devise.security_extension.cs.yml
572
+ - test/tmp/config/initializers/devise_security.rb
553
573
  - test/test_complexity_validator.rb
@@ -1,20 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- module DeviseSecurity
4
- module Orm
5
- # This module contains some helpers and handle schema (migrations):
6
- #
7
- # create_table :accounts do |t|
8
- # t.password_expirable
9
- # end
10
- #
11
- module ActiveRecord
12
- module Schema
13
- include DeviseSecurity::Schema
14
- end
15
- end
16
- end
17
- end
18
-
19
- ActiveRecord::ConnectionAdapters::Table.send :include, DeviseSecurity::Orm::ActiveRecord::Schema
20
- ActiveRecord::ConnectionAdapters::TableDefinition.send :include, DeviseSecurity::Orm::ActiveRecord::Schema
@@ -1,23 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- module DeviseSecurity::Patches
4
- module ConfirmationsControllerCaptcha
5
- extend ActiveSupport::Concern
6
- included do
7
- define_method :create do
8
- if valid_captcha_if_defined?(params[:captcha])
9
- self.resource = resource_class.send_confirmation_instructions(params[resource_name])
10
-
11
- if successfully_sent?(resource)
12
- respond_with({}, location: after_resending_confirmation_instructions_path_for(resource_name))
13
- else
14
- respond_with(resource)
15
- end
16
- else
17
- flash[:alert] = t('devise.invalid_captcha') if is_navigational_format?
18
- respond_with({}, location: new_confirmation_path(resource_name))
19
- end
20
- end
21
- end
22
- end
23
- end
@@ -1,26 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- module DeviseSecurity::Patches
4
- module ConfirmationsControllerSecurityQuestion
5
- extend ActiveSupport::Concern
6
- included do
7
- define_method :create do
8
- # only find via email, not login
9
- resource = resource_class.find_or_initialize_with_error_by(:email, params[resource_name][:email], :not_found)
10
-
11
- if valid_captcha_or_security_question?(resource, params)
12
- self.resource = resource_class.send_confirmation_instructions(params[resource_name])
13
-
14
- if successfully_sent?(resource)
15
- respond_with({}, location: after_resending_confirmation_instructions_path_for(resource_name))
16
- else
17
- respond_with(resource)
18
- end
19
- else
20
- flash[:alert] = t('devise.invalid_security_question') if is_navigational_format?
21
- respond_with({}, location: new_confirmation_path(resource_name))
22
- end
23
- end
24
- end
25
- end
26
- end
@@ -1,22 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- module DeviseSecurity::Patches
4
- module PasswordsControllerCaptcha
5
- extend ActiveSupport::Concern
6
- included do
7
- define_method :create do
8
- if valid_captcha_if_defined?(params[:captcha])
9
- self.resource = resource_class.send_reset_password_instructions(params[resource_name])
10
- if successfully_sent?(resource)
11
- respond_with({}, location: new_session_path(resource_name))
12
- else
13
- respond_with(resource)
14
- end
15
- else
16
- flash[:alert] = t('devise.invalid_captcha') if is_navigational_format?
17
- respond_with({}, location: new_password_path(resource_name))
18
- end
19
- end
20
- end
21
- end
22
- end
@@ -1,25 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- module DeviseSecurity::Patches
4
- module PasswordsControllerSecurityQuestion
5
- extend ActiveSupport::Concern
6
- included do
7
- define_method :create do
8
- # only find via email, not login
9
- resource = resource_class.find_or_initialize_with_error_by(:email, params[resource_name][:email], :not_found)
10
-
11
- if valid_captcha_or_security_question?(resource, params)
12
- self.resource = resource_class.send_reset_password_instructions(params[resource_name])
13
- if successfully_sent?(resource)
14
- respond_with({}, location: new_session_path(resource_name))
15
- else
16
- respond_with(resource)
17
- end
18
- else
19
- flash[:alert] = t('devise.invalid_security_question') if is_navigational_format?
20
- respond_with({}, location: new_password_path(resource_name))
21
- end
22
- end
23
- end
24
- end
25
- end
@@ -1,35 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- module DeviseSecurity::Patches
4
- module RegistrationsControllerCaptcha
5
- extend ActiveSupport::Concern
6
- included do
7
- define_method :create do |&block|
8
- build_resource(sign_up_params)
9
-
10
- if valid_captcha_if_defined?(params[:captcha])
11
- if resource.save
12
- block.call(resource) if block
13
- if resource.active_for_authentication?
14
- set_flash_message :notice, :signed_up if is_flashing_format?
15
- sign_up(resource_name, resource)
16
- respond_with resource, location: after_sign_up_path_for(resource)
17
- else
18
- set_flash_message :notice, :"signed_up_but_#{resource.inactive_message}" if is_flashing_format?
19
- expire_data_after_sign_in!
20
- respond_with resource, location: after_inactive_sign_up_path_for(resource)
21
- end
22
- else
23
- clean_up_passwords resource
24
- respond_with resource
25
- end
26
-
27
- else
28
- resource.errors.add :base, t('devise.invalid_captcha')
29
- clean_up_passwords resource
30
- respond_with resource
31
- end
32
- end
33
- end
34
- end
35
- end
@@ -1,26 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- module DeviseSecurity::Patches
4
- module SessionsControllerCaptcha
5
- extend ActiveSupport::Concern
6
- included do
7
- define_method :create do |&block|
8
- if valid_captcha_if_defined?(params[:captcha])
9
- self.resource = warden.authenticate!(auth_options)
10
- set_flash_message(:notice, :signed_in) if is_flashing_format?
11
- sign_in(resource_name, resource)
12
- block.call(resource) if block
13
- respond_with resource, location: after_sign_in_path_for(resource)
14
- else
15
- flash[:alert] = t('devise.invalid_captcha') if is_flashing_format?
16
- respond_with({}, location: new_session_path(resource_name))
17
- end
18
- end
19
-
20
- # for bad protected use in controller
21
- define_method :auth_options do
22
- { scope: resource_name, recall: "#{controller_path}#new" }
23
- end
24
- end
25
- end
26
- end
@@ -1,22 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- module DeviseSecurity::Patches
4
- module UnlocksControllerCaptcha
5
- extend ActiveSupport::Concern
6
- included do
7
- define_method :create do
8
- if valid_captcha_if_defined?(params[:captcha])
9
- self.resource = resource_class.send_unlock_instructions(params[resource_name])
10
- if successfully_sent?(resource)
11
- respond_with({}, location: new_session_path(resource_name))
12
- else
13
- respond_with(resource)
14
- end
15
- else
16
- flash[:alert] = t('devise.invalid_captcha') if is_navigational_format?
17
- respond_with({}, location: new_unlock_path(resource_name))
18
- end
19
- end
20
- end
21
- end
22
- end
@@ -1,25 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- module DeviseSecurity::Patches
4
- module UnlocksControllerSecurityQuestion
5
- extend ActiveSupport::Concern
6
- included do
7
- define_method :create do
8
- # only find via email, not login
9
- resource = resource_class.find_or_initialize_with_error_by(:email, params[resource_name][:email], :not_found)
10
-
11
- if valid_captcha_or_security_question?(resource, params)
12
- self.resource = resource_class.send_unlock_instructions(params[resource_name])
13
- if successfully_sent?(resource)
14
- respond_with({}, location: new_session_path(resource_name))
15
- else
16
- respond_with(resource)
17
- end
18
- else
19
- flash[:alert] = t('devise.invalid_security_question') if is_navigational_format?
20
- respond_with({}, location: new_unlock_path(resource_name))
21
- end
22
- end
23
- end
24
- end
25
- end
@@ -1,66 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- module DeviseSecurity
4
- # add schema helper for migrations
5
- module Schema
6
- # Add password_changed_at columns in the resource's database table.
7
- #
8
- # Examples
9
- #
10
- # # For a new resource migration:
11
- # create_table :the_resources do |t|
12
- # t.password_expirable
13
- # ...
14
- # end
15
- #
16
- # # or if the resource's table already exists, define a migration and put this in:
17
- # change_table :the_resources do |t|
18
- # t.datetime :password_changed_at
19
- # end
20
- #
21
- def password_expirable
22
- apply_devise_schema :password_changed_at, DateTime
23
- end
24
-
25
- # Add password_archivable columns
26
- #
27
- # Examples
28
- #
29
- # create_table :old_passwords do
30
- # t.password_archivable
31
- # end
32
- # add_index :old_passwords, [:password_archivable_type, :password_archivable_id], name: 'index_password_archivable'
33
- #
34
- def password_archivable
35
- apply_devise_schema :encrypted_password, String, limit: 128, null: false
36
- apply_devise_schema :password_salt, String
37
- apply_devise_schema :password_archivable_id, Integer, null: false
38
- apply_devise_schema :password_archivable_type, String, null: false
39
- apply_devise_schema :created_at, DateTime
40
- end
41
-
42
- # Add session_limitable columns in the resource's database table.
43
- #
44
- # Examples
45
- #
46
- # # For a new resource migration:
47
- # create_table :the_resources do |t|
48
- # t.session_limitable
49
- # ...
50
- # end
51
- #
52
- # # or if the resource's table already exists, define a migration and put this in:
53
- # change_table :the_resources do |t|
54
- # t.string :unique_session_id, limit: 20
55
- # end
56
- #
57
- def session_limitable
58
- apply_devise_schema :unique_session_id, String, limit: 20
59
- end
60
-
61
- def expirable
62
- apply_devise_schema :expired_at, DateTime
63
- apply_devise_schema :last_activity_at, DateTime
64
- end
65
- end
66
- end
File without changes
@@ -1,9 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- class SecureUser < ApplicationUserRecord
4
- devise :database_authenticatable, :secure_validatable, email_validation: false
5
- if DEVISE_ORM == :mongoid
6
- require './test/dummy/app/models/mongoid/mappings'
7
- include ::Mongoid::Mappings
8
- end
9
- end