RubyGems - devise-security - Versions diffs - 0.15.0 → 0.18.0 - Mend

devise-security 0.15.0 → 0.18.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (145) hide show

checksums.yaml +4 -4
data/LICENSE.txt +3 -1
data/README.md +43 -24
data/app/controllers/devise/paranoid_verification_code_controller.rb +26 -12
data/app/controllers/devise/password_expired_controller.rb +23 -10
data/config/locales/bg.yml +42 -0
data/config/locales/by.yml +2 -0
data/config/locales/cs.yml +6 -0
data/config/locales/de.yml +4 -0
data/config/locales/en.yml +3 -1
data/config/locales/es.yml +13 -0
data/config/locales/fa.yml +2 -0
data/config/locales/fr.yml +15 -2
data/config/locales/hi.yml +22 -20
data/config/locales/it.yml +2 -0
data/config/locales/ja.yml +13 -0
data/config/locales/nl.yml +2 -0
data/config/locales/pt.yml +2 -0
data/config/locales/ru.yml +2 -0
data/config/locales/tr.yml +26 -1
data/config/locales/uk.yml +2 -0
data/config/locales/zh_CN.yml +2 -0
data/config/locales/zh_TW.yml +2 -0
data/lib/devise-security/controllers/helpers.rb +25 -13
data/lib/devise-security/hooks/expirable.rb +3 -3
data/lib/devise-security/hooks/paranoid_verification.rb +1 -3
data/lib/devise-security/hooks/password_expirable.rb +1 -3
data/lib/devise-security/hooks/session_limitable.rb +10 -6
data/lib/devise-security/models/compatibility/active_record_patch.rb +4 -3
data/lib/devise-security/models/compatibility/mongoid_patch.rb +3 -2
data/lib/devise-security/models/database_authenticatable_patch.rb +18 -10
data/lib/devise-security/models/expirable.rb +6 -5
data/lib/devise-security/models/paranoid_verification.rb +2 -2
data/lib/devise-security/models/password_archivable.rb +3 -3
data/lib/devise-security/models/secure_validatable.rb +62 -11
data/lib/devise-security/orm/mongoid.rb +1 -1
data/lib/devise-security/patches.rb +14 -8
data/lib/devise-security/routes.rb +2 -3
data/lib/devise-security/validators/password_complexity_validator.rb +53 -26
data/lib/devise-security/version.rb +1 -1
data/lib/devise-security.rb +15 -6
data/lib/generators/devise_security/install_generator.rb +4 -6
data/{test/tmp/config/initializers/devise-security.rb → lib/generators/templates/devise_security.rb} +9 -1
data/test/controllers/test_paranoid_verification_code_controller.rb +133 -0
data/test/controllers/test_password_expired_controller.rb +122 -99
data/test/controllers/test_security_question_controller.rb +19 -37
data/test/dummy/app/controllers/overrides/paranoid_verification_code_controller.rb +7 -0
data/test/dummy/app/controllers/overrides/password_expired_controller.rb +17 -0
data/test/dummy/app/controllers/widgets_controller.rb +3 -0
data/test/dummy/app/models/application_user_record.rb +2 -1
data/test/dummy/app/models/mongoid/confirmable_fields.rb +2 -0
data/test/dummy/app/models/mongoid/database_authenticable_fields.rb +4 -3
data/test/dummy/app/models/mongoid/expirable_fields.rb +2 -0
data/test/dummy/app/models/mongoid/lockable_fields.rb +2 -0
data/test/dummy/app/models/mongoid/mappings.rb +4 -2
data/test/dummy/app/models/mongoid/omniauthable_fields.rb +2 -0
data/test/dummy/app/models/mongoid/paranoid_verification_fields.rb +2 -0
data/test/dummy/app/models/mongoid/password_archivable_fields.rb +2 -0
data/test/dummy/app/models/mongoid/password_expirable_fields.rb +2 -0
data/test/dummy/app/models/mongoid/recoverable_fields.rb +2 -0
data/test/dummy/app/models/mongoid/registerable_fields.rb +4 -2
data/test/dummy/app/models/mongoid/rememberable_fields.rb +2 -0
data/test/dummy/app/models/mongoid/secure_validatable_fields.rb +2 -0
data/test/dummy/app/models/mongoid/security_questionable_fields.rb +2 -0
data/test/dummy/app/models/mongoid/session_limitable_fields.rb +2 -0
data/test/dummy/app/models/mongoid/timeoutable_fields.rb +2 -0
data/test/dummy/app/models/mongoid/trackable_fields.rb +2 -0
data/test/dummy/app/models/mongoid/validatable_fields.rb +2 -0
data/test/dummy/app/models/paranoid_verification_user.rb +26 -0
data/test/dummy/app/models/password_expired_user.rb +26 -0
data/test/dummy/app/models/user.rb +5 -5
data/test/dummy/app/models/widget.rb +1 -3
data/test/dummy/app/mongoid/one_user.rb +5 -5
data/test/dummy/app/mongoid/user_on_engine.rb +2 -2
data/test/dummy/app/mongoid/user_on_main_app.rb +2 -2
data/test/dummy/app/mongoid/user_with_validations.rb +3 -3
data/test/dummy/app/mongoid/user_without_email.rb +7 -4
data/test/dummy/config/application.rb +3 -7
data/test/dummy/config/boot.rb +1 -1
data/test/dummy/config/environment.rb +1 -1
data/test/dummy/config/environments/test.rb +4 -13
data/test/dummy/config/initializers/devise.rb +1 -5
data/test/dummy/config/initializers/migration_class.rb +1 -8
data/test/dummy/config/locales/en.yml +10 -0
data/test/dummy/config/mongoid.yml +1 -1
data/test/dummy/config/routes.rb +3 -1
data/test/dummy/config.ru +1 -1
data/test/dummy/db/migrate/20120508165529_create_tables.rb +5 -5
data/test/dummy/lib/shared_expirable_columns.rb +1 -0
data/test/dummy/lib/shared_security_questions_fields.rb +1 -0
data/test/dummy/lib/shared_user.rb +17 -6
data/test/dummy/lib/shared_user_without_omniauth.rb +12 -3
data/test/dummy/lib/shared_verification_fields.rb +1 -0
data/test/dummy/log/test.log +44592 -1151
data/test/i18n_test.rb +22 -0
data/test/integration/test_paranoid_verification_code_workflow.rb +53 -0
data/test/integration/test_password_expirable_workflow.rb +2 -6
data/test/integration/test_session_limitable_workflow.rb +5 -3
data/test/orm/active_record.rb +7 -7
data/test/orm/mongoid.rb +2 -1
data/test/support/integration_helpers.rb +10 -22
data/test/support/mongoid.yml +1 -1
data/test/test_compatibility.rb +2 -0
data/test/test_complexity_validator.rb +247 -37
data/test/test_database_authenticatable_patch.rb +146 -0
data/test/test_helper.rb +11 -12
data/test/test_install_generator.rb +2 -2
data/test/test_paranoid_verification.rb +8 -9
data/test/test_password_archivable.rb +34 -11
data/test/test_password_expirable.rb +27 -27
data/test/test_secure_validatable.rb +284 -50
data/test/test_secure_validatable_overrides.rb +185 -0
data/test/test_session_limitable.rb +9 -9
data/{lib/generators/templates/devise-security.rb → test/tmp/config/initializers/devise_security.rb} +9 -1
data/test/tmp/config/locales/devise.security_extension.by.yml +50 -0
data/test/tmp/config/locales/devise.security_extension.cs.yml +46 -0
data/test/tmp/config/locales/devise.security_extension.de.yml +4 -0
data/test/tmp/config/locales/devise.security_extension.en.yml +3 -1
data/test/tmp/config/locales/devise.security_extension.es.yml +22 -9
data/test/tmp/config/locales/devise.security_extension.fa.yml +2 -0
data/test/tmp/config/locales/devise.security_extension.fr.yml +15 -2
data/test/tmp/config/locales/devise.security_extension.hi.yml +43 -0
data/test/tmp/config/locales/devise.security_extension.it.yml +2 -0
data/test/tmp/config/locales/devise.security_extension.ja.yml +13 -0
data/test/tmp/config/locales/devise.security_extension.nl.yml +2 -0
data/test/tmp/config/locales/devise.security_extension.pt.yml +2 -0
data/test/tmp/config/locales/devise.security_extension.ru.yml +2 -0
data/test/tmp/config/locales/devise.security_extension.tr.yml +26 -1
data/test/tmp/config/locales/devise.security_extension.uk.yml +2 -0
data/test/tmp/config/locales/devise.security_extension.zh_CN.yml +2 -0
data/test/tmp/config/locales/devise.security_extension.zh_TW.yml +42 -0
metadata +65 -45
data/lib/devise-security/orm/active_record.rb +0 -20
data/lib/devise-security/patches/confirmations_controller_captcha.rb +0 -23
data/lib/devise-security/patches/confirmations_controller_security_question.rb +0 -26
data/lib/devise-security/patches/passwords_controller_captcha.rb +0 -22
data/lib/devise-security/patches/passwords_controller_security_question.rb +0 -25
data/lib/devise-security/patches/registrations_controller_captcha.rb +0 -35
data/lib/devise-security/patches/sessions_controller_captcha.rb +0 -26
data/lib/devise-security/patches/unlocks_controller_captcha.rb +0 -22
data/lib/devise-security/patches/unlocks_controller_security_question.rb +0 -25
data/lib/devise-security/schema.rb +0 -66
data/test/dummy/app/controllers/foos_controller.rb +0 -0
data/test/dummy/app/models/secure_user.rb +0 -9
data/test/dummy/lib/shared_user_without_email.rb +0 -28

data/test/test_secure_validatable.rb CHANGED Viewed

@@ -1,85 +1,319 @@
 # frozen_string_literal: true
 require 'test_helper'
-require 'rails_email_validator'
 class TestSecureValidatable < ActiveSupport::TestCase
   class User < ApplicationRecord
-    devise :database_authenticatable, :password_archivable,
-           :paranoid_verification, :password_expirable, :secure_validatable
+    devise :database_authenticatable, :secure_validatable
     include ::Mongoid::Mappings if DEVISE_ORM == :mongoid
   end
-  test 'email cannot be blank' do
-    msg = "Email can't be blank"
-    user = User.create password: 'passWord1', password_confirmation: 'passWord1'
+  class EmailNotRequiredUser < User
+    protected
-    assert_equal(false, user.valid?)
-    assert_equal([msg], user.errors.full_messages)
-    assert_raises(ORMInvalidRecordException) do
-      user.save!
+    def email_required?
+      false
     end
   end
+  test 'email cannot be blank upon creation' do
+    user = User.new(
+      password: 'Password1!', password_confirmation: 'Password1!'
+    )
+    assert user.invalid?
+    assert_equal(["Email can't be blank"], user.errors.full_messages)
+  end
+  test 'email can be blank upon creation if email not required' do
+    user = EmailNotRequiredUser.new(
+      password: 'Password1!', password_confirmation: 'Password1!'
+    )
+    assert user.valid?
+  end
+  test 'email cannot be updated to be blank' do
+    user = User.new(
+      email: 'bob@microsoft.com',
+      password: 'Password1!',
+      password_confirmation: 'Password1!'
+    )
+    assert user.valid?
+    user.email = nil
+    assert user.invalid?
+    assert_equal(["Email can't be blank"], user.errors.full_messages)
+  end
+  test 'email can be updated to be blank if email not required' do
+    user = EmailNotRequiredUser.new(
+      email: 'bob@microsoft.com',
+      password: 'Password1!',
+      password_confirmation: 'Password1!'
+    )
+    assert user.valid?
+    user.email = nil
+    assert user.valid?
+  end
   test 'email must be valid' do
-    msg = 'Email is invalid'
-    user = User.create email: 'bob', password: 'passWord1', password_confirmation: 'passWord1'
-    assert_equal(false, user.valid?)
-    assert_equal([msg], user.errors.full_messages)
-    assert_raises(ORMInvalidRecordException) do
-      user.save!
-    end
+    user = User.new(
+      email: 'bob', password: 'Password1!', password_confirmation: 'Password1!'
+    )
+    assert user.invalid?
+    assert_equal(['Email is invalid'], user.errors.full_messages)
   end
   test 'validate both email and password' do
-    msgs = ['Email is invalid', 'Password must contain at least one upper-case letter']
-    user = User.create email: 'bob@@foo.tv', password: 'password1', password_confirmation: 'password1'
-    assert_equal(false, user.valid?)
+    user = User.new(
+      email: 'bob',
+      password: 'password1!',
+      password_confirmation: 'password1!'
+    )
+    assert user.invalid?
+    assert_equal(
+      [
+        'Email is invalid',
+        'Password must contain at least one upper-case letter'
+      ],
+      user.errors.full_messages
+    )
+  end
+  test 'password cannot be blank upon creation' do
+    user = User.new(email: 'bob@microsoft.com')
+    msgs = ["Password can't be blank"]
+    msgs << "Encrypted password can't be blank" if DEVISE_ORM == :mongoid
+    assert user.invalid?
     assert_equal(msgs, user.errors.full_messages)
-    assert_raises(ORMInvalidRecordException) { user.save! }
+  end
+  test 'password cannot be updated to be blank' do
+    user = User.new(
+      email: 'bob@microsoft.com',
+      password: 'Password1!',
+      password_confirmation: 'Password1!'
+    )
+    assert user.valid?
+    user.password = nil
+    user.password_confirmation = nil
+    assert user.invalid?
+    assert_equal(["Password can't be blank"], user.errors.full_messages)
+  end
+  test 'password_confirmation must match password' do
+    user = User.new(
+      email: 'bob@microsoft.com',
+      password: 'Password1!',
+      password_confirmation: 'not the same password'
+    )
+    assert user.invalid?
+    assert_equal(
+      ["Password confirmation doesn't match Password"],
+      user.errors.full_messages
+    )
+  end
+  test 'password_confirmation cannot be blank' do
+    user = User.new(
+      email: 'bob@microsoft.com',
+      password: 'Password1!',
+      password_confirmation: ''
+    )
+    assert user.invalid?
+    assert_equal(
+      ["Password confirmation doesn't match Password"],
+      user.errors.full_messages
+    )
+  end
+  test 'password_confirmation can be skipped' do
+    user = User.new(
+      email: 'bob@microsoft.com',
+      password: 'Password1!',
+      password_confirmation: nil
+    )
+    assert user.valid?
   end
   test 'password must have capital letter' do
-    msgs = ['Password must contain at least one upper-case letter']
-    user = User.create email: 'bob@microsoft.com', password: 'password1', password_confirmation: 'password1'
-    assert_equal(false, user.valid?)
-    assert_equal(msgs, user.errors.full_messages)
-    assert_raises(ORMInvalidRecordException) { user.save! }
+    user = User.new(
+      email: 'bob@microsoft.com',
+      password: 'password1',
+      password_confirmation: 'password1'
+    )
+    assert user.invalid?
+    assert_equal(
+      ['Password must contain at least one upper-case letter'],
+      user.errors.full_messages
+    )
   end
   test 'password must have lowercase letter' do
-    msg = 'Password must contain at least one lower-case letter'
-    user = User.create email: 'bob@microsoft.com', password: 'PASSWORD1', password_confirmation: 'PASSWORD1'
-    assert_equal(false, user.valid?)
-    assert_equal([msg], user.errors.full_messages)
-    assert_raises(ORMInvalidRecordException) { user.save! }
+    user = User.new(
+      email: 'bob@microsoft.com',
+      password: 'PASSWORD1',
+      password_confirmation: 'PASSWORD1'
+    )
+    assert user.invalid?
+    assert_equal(
+      ['Password must contain at least one lower-case letter'],
+      user.errors.full_messages
+    )
   end
   test 'password must have number' do
-    msg = 'Password must contain at least one digit'
-    user = User.create email: 'bob@microsoft.com', password: 'PASSword', password_confirmation: 'PASSword'
-    assert_equal(false, user.valid?)
-    assert_equal([msg], user.errors.full_messages)
-    assert_raises(ORMInvalidRecordException) { user.save! }
+    user = User.new(
+      email: 'bob@microsoft.com',
+      password: 'PASSword',
+      password_confirmation: 'PASSword'
+    )
+    assert user.invalid?
+    assert_equal(
+      ['Password must contain at least one digit'],
+      user.errors.full_messages
+    )
   end
-  test 'password must have minimum length' do
-    msg = 'Password is too short (minimum is 7 characters)'
-    user = User.create email: 'bob@microsoft.com', password: 'Pa3zZ', password_confirmation: 'Pa3zZ'
-    assert_equal(false, user.valid?)
-    assert_equal([msg], user.errors.full_messages)
-    assert_raises(ORMInvalidRecordException) { user.save! }
+  test 'password must meet minimum length' do
+    user = User.new(
+      email: 'bob@microsoft.com',
+      password: 'Pa3zZ',
+      password_confirmation: 'Pa3zZ'
+    )
+    assert user.invalid?
+    assert_equal(
+      ['Password is too short (minimum is 7 characters)'],
+      user.errors.full_messages
+    )
   end
-  test 'duplicate email validation message is added only once' do
+  test "new user can't use existing user's email" do
     options = {
-      email: 'test@example.org',
-      password: 'Test12345',
-      password_confirmation: 'Test12345',
+      email: 'bob@microsoft.com',
+      password: 'Password1!',
+      password_confirmation: 'Password1!'
     }
-    SecureUser.create!(options)
-    user = SecureUser.new(options)
-    refute user.valid?
-    assert_equal DEVISE_ORM == :active_record ? ['Email has already been taken'] : ['Email is already taken'], user.errors.full_messages
+    User.create!(options)
+    user = User.new(options)
+    assert user.invalid?
+    assert_equal(['Email has already been taken'], user.errors.full_messages)
+  end
+  test "new user can't use existing user's email with different casing" do
+    options = {
+      email: 'bob@microsoft.com',
+      password: 'Password1!',
+      password_confirmation: 'Password1!'
+    }
+    User.create!(options)
+    options[:email] = 'BOB@MICROSOFT.COM'
+    user = User.new(options)
+    assert user.invalid?
+    assert_equal(['Email has already been taken'], user.errors.full_messages)
+  end
+  test 'password cannot equal email for new user' do
+    user = User.new(
+      email: 'Bob1@microsoft.com',
+      password: 'Bob1@microsoft.com',
+      password_confirmation: 'Bob1@microsoft.com'
+    )
+    assert user.invalid?
+    assert_equal(
+      ['Password must be different than the email.'],
+      user.errors.full_messages
+    )
+  end
+  test 'password cannot equal case sensitive version of email for new user' do
+    user = User.new(
+      email: 'bob1@microsoft.com',
+      password: 'BoB1@microsoft.com',
+      password_confirmation: 'BoB1@microsoft.com'
+    )
+    assert user.invalid?
+    assert_equal(
+      ['Password must be different than the email.'],
+      user.errors.full_messages
+    )
+  end
+  test 'password cannot equal email with spaces for new user' do
+    user = User.new(
+      email: 'Bob1@microsoft.com',
+      password: 'Bob1@microsoft.com    ',
+      password_confirmation: 'Bob1@microsoft.com    '
+    )
+    assert user.invalid?
+    assert_equal(
+      ['Password must be different than the email.'],
+      user.errors.full_messages
+    )
+  end
+  test 'password cannot equal case sensitive version of email with spaces '\
+       'for new user' do
+    user = User.new(
+      email: 'Bob1@microsoft.com',
+      password: '  boB1@microsoft.com   ',
+      password_confirmation: '  boB1@microsoft.com   '
+    )
+    assert user.invalid?
+    assert_equal(
+      ['Password must be different than the email.'],
+      user.errors.full_messages
+    )
+  end
+  test 'new password cannot equal current password' do
+    user = User.create(
+      email: 'bob@microsoft.com',
+      password: 'Password1!',
+      password_confirmation: 'Password1!'
+    )
+    user.password = 'Password1!'
+    assert user.invalid?
+    assert_equal(
+      ['Password must be different than the current password.'],
+      user.errors.full_messages
+    )
+  end
+  test 'should not be included in objects with invalid API' do
+    error = assert_raise RuntimeError do
+      class ::Dog; include Devise::Models::SecureValidatable; end
+    end
+    assert_equal('Could not use SecureValidatable on Dog', error.message)
   end
 end

data/test/test_secure_validatable_overrides.rb ADDED Viewed

@@ -0,0 +1,185 @@
+# frozen_string_literal: true
+require 'test_helper'
+class TestSecureValidatableOverrides < ActiveSupport::TestCase
+  class ::CustomClassPasswordValidator < DeviseSecurity::PasswordComplexityValidator
+    def patterns
+      super.merge(letter: /\p{Alpha}/)
+    end
+  end
+  class ::CustomInstancePasswordValidator < DeviseSecurity::PasswordComplexityValidator
+    # Add a pattern for alphanumeric characters. See
+    # [en.yml](file:///./test/dummy/config/locales/en.yml) for translations used in
+    # tests.
+    def patterns
+      super.merge(alnum: /\p{Alnum}/)
+    end
+  end
+  class User < ApplicationRecord
+    devise :database_authenticatable, :secure_validatable
+    include ::Mongoid::Mappings if DEVISE_ORM == :mongoid
+  end
+  class ClassLevelOverrideUser < User
+    self.allow_passwords_equal_to_email = true
+    self.email_validation = false
+    self.password_complexity = { symbol: 1, letter: 1 }
+    self.password_complexity_validator = 'custom_class_password_validator'
+    self.password_length = 10..100
+  end
+  class InstanceLevelOverrideUser < ClassLevelOverrideUser
+    def allow_passwords_equal_to_email
+      true
+    end
+    def email_validation
+      false
+    end
+    def password_complexity
+      { symbol: 2, alnum: 1 }
+    end
+    def password_length
+      11..100
+    end
+    def password_complexity_validator
+      'CustomInstancePasswordValidator'
+    end
+  end
+  test 'email equal to password can be overridden at the class level' do
+    user = ClassLevelOverrideUser.new(
+      email: 'bob1!@microsoft.com',
+      password: 'bob1!@microsoft.com',
+      password_confirmation: 'bob1!@microsoft.com'
+    )
+    assert user.valid?
+  end
+  test 'email equal to password can be overridden at the instance level' do
+    user = InstanceLevelOverrideUser.new(
+      email: 'bob1!@microsoft.com',
+      password: 'bob1!@microsoft.com',
+      password_confirmation: 'bob1!@microsoft.com'
+    )
+    assert user.valid?
+  end
+  test 'email validation can be overridden at the class level' do
+    user = ClassLevelOverrideUser.new(
+      email: 'bob1!@f.com',
+      password: 'Pa3zZ1!!aaaaaa',
+      password_confirmation: 'Pa3zZ1!!aaaaaa'
+    )
+    assert user.valid?
+  end
+  test 'email validation can be overridden at the instance level' do
+    user = InstanceLevelOverrideUser.new(
+      email: 'bob1!@f.com',
+      password: 'Pa3zZ1!!aaaaaa',
+      password_confirmation: 'Pa3zZ1!!aaaaaa'
+    )
+    assert user.valid?
+  end
+  test 'password complexity can be overridden at the class level' do
+    user = ClassLevelOverrideUser.new(
+      email: 'bob@microsoft.com',
+      password: 'PASSwordddd',
+      password_confirmation: 'PASSwordddd'
+    )
+    assert user.invalid?
+    assert_equal(
+      ['Password must contain at least one punctuation mark or symbol'],
+      user.errors.full_messages
+    )
+  end
+  test 'password complexity can be overridden at the instance level' do
+    user = InstanceLevelOverrideUser.new(
+      email: 'bob@microsoft.com',
+      password: 'PASSwordddd',
+      password_confirmation: 'PASSwordddd'
+    )
+    assert user.invalid?
+    assert_equal(
+      ['Password must contain at least 2 punctuation marks or symbols'],
+      user.errors.full_messages
+    )
+  end
+  test 'password length can be overridden at the class level' do
+    user = ClassLevelOverrideUser.new(
+      email: 'bob@microsoft.com',
+      password: 'Pa3zZ1!',
+      password_confirmation: 'Pa3zZ1!'
+    )
+    assert user.invalid?
+    assert_equal(
+      ['Password is too short (minimum is 10 characters)'],
+      user.errors.full_messages
+    )
+  end
+  test 'password length can be overridden at the instance level' do
+    user = InstanceLevelOverrideUser.new(
+      email: 'bob@microsoft.com',
+      password: 'Pa3zZ1!!',
+      password_confirmation: 'Pa3zZ1!!'
+    )
+    assert user.invalid?
+    assert_equal(
+      ['Password is too short (minimum is 11 characters)'],
+      user.errors.full_messages
+    )
+  end
+  test 'password validator can be overridden at the instance level' do
+    password = '!' * 11 # 11 characters, all symbols
+    user = InstanceLevelOverrideUser.new(
+      email: 'bob@microsoft.com',
+      password: password,
+      password_confirmation: password
+    )
+    assert user.invalid?
+    # This validation error only occurs when the CustomInstancePasswordValidator
+    # is used.
+    assert_equal(
+      ['Password must contain at least one letter or number'],
+      user.errors.full_messages
+    )
+  end
+  test 'password validator can be overridden at the class level' do
+    password = '!' * 10 # 10 characters, all symbols
+    user = ClassLevelOverrideUser.new(
+      email: 'bob@microsoft.com',
+      password: password,
+      password_confirmation: password
+    )
+    assert user.invalid?
+    # This validation error only occurs when the CustomClassPasswordValidator
+    # is used.
+    assert_equal(
+      ['Password must contain at least one letter'],
+      user.errors.full_messages
+    )
+  end
+end

data/test/test_session_limitable.rb CHANGED Viewed

@@ -10,15 +10,15 @@ class TestSessionLimitable < ActiveSupport::TestCase
   end
   test 'check is not skipped by default' do
-    user = User.create email: 'bob@microsoft.com', password: 'password1', password_confirmation: 'password1'
-    assert_equal(false, user.skip_session_limitable?)
+    user = User.new(email: 'bob@microsoft.com', password: 'password1', password_confirmation: 'password1')
+    assert_not(user.skip_session_limitable?)
   end
   test 'default check can be overridden by record instance' do
-    modified_user = ModifiedUser.create email: 'bob2@microsoft.com', password: 'password1', password_confirmation: 'password1'
-    assert_equal(true, modified_user.skip_session_limitable?)
+    modified_user = ModifiedUser.new(email: 'bob2@microsoft.com', password: 'password1', password_confirmation: 'password1')
+    assert(modified_user.skip_session_limitable?)
   end
   class SessionLimitableUser < User
     devise :session_limitable
     include ::Mongoid::Mappings if DEVISE_ORM == :mongoid
@@ -34,7 +34,7 @@ class TestSessionLimitable < ActiveSupport::TestCase
     assert_nil user.unique_session_id
     user.update_unique_session_id!('unique_value')
     user.reload
-    assert_equal user.unique_session_id, 'unique_value'
+    assert_equal('unique_value', user.unique_session_id)
   end
   test '#update_unique_session_id!(value) updates invalid record atomically' do
@@ -45,13 +45,13 @@ class TestSessionLimitable < ActiveSupport::TestCase
     assert_nil user.unique_session_id
     user.update_unique_session_id!('unique_value')
     user.reload
-    assert_equal user.email, 'bob@microsoft.com'
-    assert_equal user.unique_session_id, 'unique_value'
+    assert_equal('bob@microsoft.com', user.email)
+    assert_equal('unique_value', user.unique_session_id)
   end
   test '#update_unique_session_id!(value) raises an exception on an unpersisted record' do
     user = User.create
-    assert !user.persisted?
+    assert_not user.persisted?
     assert_raises(Devise::Models::Compatibility::NotPersistedError) { user.update_unique_session_id!('unique_value') }
   end
 end

data/{lib/generators/templates/devise-security.rb → test/tmp/config/initializers/devise_security.rb} RENAMED Viewed

@@ -7,7 +7,9 @@ Devise.setup do |config|
   # Should the password expire (e.g 3.months)
   # config.expire_password_after = false
-  # Need 1 char of A-Z, a-z and 0-9
+  # Need 1 char each of: A-Z, a-z, 0-9, and a punctuation mark or symbol
+  # You may use "digits" in place of "digit" and "symbols" in place of
+  # "symbol" based on your preference
   # config.password_complexity = { digit: 1, lower: 1, symbol: 1, upper: 1 }
   # How many passwords to keep in archive
@@ -41,4 +43,10 @@ Devise.setup do |config|
   # Time period for account expiry from last_activity_at
   # config.expire_after = 90.days
+  # Allow password to equal the email
+  # config.allow_passwords_equal_to_email = false
+  # paranoid_verification will regenerate verification code after failed attempt
+  # config.paranoid_code_regenerate_after_attempt = 10
 end

data/test/tmp/config/locales/devise.security_extension.by.yml ADDED Viewed

@@ -0,0 +1,50 @@
+by:
+  errors:
+    messages:
+      taken_in_past: 'ужо раней выкарыстоўваўся.'
+      equal_to_current_password: 'павінен адрознівацца ад сучаснага пароля.'
+      equal_to_email: 'павінна адрознівацца ад электроннай пошты.'
+      password_complexity:
+        digit:
+          one: 'павінен утрымліваць хоць адну лічбу'
+          few: 'павінен утрымліваць хоць %{count} лічбы'
+          many: 'павінен утрымліваць хоць %{count} лічбы'
+          other: 'павінен утрымліваць хоць %{count} лічбы'
+        lower:
+          one: 'павінен утрымліваць хоць адну маленькую літару'
+          few: 'павінен утрымліваць хоць %{count} малыx літары'
+          many: 'павінен утрымліваць хоць %{count} малыx літары'
+          other: 'павінен утрымліваць хоць %{count} малыx літары'
+        symbol:
+          one: 'павінен утрымліваць хоць адзін знак пунктуацыі або сімвал'
+          few: 'павінен утрымліваць хоць %{count} знака пунктуацыі або сімвала'
+          many: 'павінен утрымліваць хоць %{count} знака пунктуацыі або сімвала'
+          other: 'павінен утрымліваць хоць %{count} знака пунктуацыі або сімвала'
+        upper:
+          one: 'павінен утрымліваць хоць адну вялікую літару'
+          few: 'павінен утрымліваць хоць %{count} вялікіx літары'
+          many: 'павінен утрымліваць хоць %{count} вялікіx літары'
+          other: 'павінен утрымліваць хоць %{count} вялікіx літары'
+  devise:
+    invalid_captcha: 'Уведзены няправільны код капчы.'
+    invalid_security_question: 'Адказ на сакрэтнае пытанне быў няправільны.'
+    paranoid_verify:
+      code_required: 'Калі ласка, увядзіце код, атрыманы ад нашай каманды падтрымкі'
+    paranoid_verification_code:
+      updated: Код спраўджання прыняты
+      show:
+        submit_verification_code: 'Увод кода пацверджання'
+        verification_code: 'Код пацверджання'
+        submit: 'Адправіць'
+    password_expired:
+      updated: 'Ваш новы пароль захаваны.'
+      change_required: 'Ваш пароль састарэў. Калі ласка, усталюйце новы.'
+      show:
+        renew_your_password: 'Змена пароля'
+        current_password: 'Сучасны пароль'
+        new_password: 'Новы пароль'
+        new_password_confirmation: 'Пацвердзіце новы пароль'
+        change_my_password: 'Змяніць пароль'
+    failure:
+      session_limited: 'Вашы параметры ўваходу выкарыстоўваюцца ў іншым браўзэры. Калі ласка, аўтарызуйцеся зноў, каб працягнуць у гэтым браўзэры.'
+      expired: 'Ваш уліковы запіс састарэў з-за неактыўнасці. Калі ласка, звяжыцеся з адміністратарам.'