devise-security 0.16.0 → 0.17.0

Files changed (80) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +4 -2
  3. data/app/controllers/devise/paranoid_verification_code_controller.rb +13 -1
  4. data/app/controllers/devise/password_expired_controller.rb +14 -1
  5. data/config/locales/bg.yml +41 -0
  6. data/config/locales/de.yml +2 -0
  7. data/config/locales/en.yml +2 -1
  8. data/lib/devise-security/models/database_authenticatable_patch.rb +15 -5
  9. data/lib/devise-security/models/password_archivable.rb +2 -2
  10. data/lib/devise-security/models/secure_validatable.rb +51 -15
  11. data/lib/devise-security/validators/password_complexity_validator.rb +53 -26
  12. data/lib/devise-security/version.rb +1 -1
  13. data/lib/devise-security.rb +7 -2
  14. data/lib/generators/templates/devise_security.rb +3 -1
  15. data/test/controllers/test_paranoid_verification_code_controller.rb +68 -0
  16. data/test/controllers/test_password_expired_controller.rb +38 -0
  17. data/test/dummy/app/controllers/overrides/paranoid_verification_code_controller.rb +7 -0
  18. data/test/dummy/app/controllers/overrides/password_expired_controller.rb +7 -0
  19. data/test/dummy/app/controllers/widgets_controller.rb +3 -0
  20. data/test/dummy/app/models/application_user_record.rb +2 -1
  21. data/test/dummy/app/models/mongoid/confirmable_fields.rb +2 -0
  22. data/test/dummy/app/models/mongoid/database_authenticable_fields.rb +4 -3
  23. data/test/dummy/app/models/mongoid/expirable_fields.rb +2 -0
  24. data/test/dummy/app/models/mongoid/lockable_fields.rb +2 -0
  25. data/test/dummy/app/models/mongoid/mappings.rb +4 -2
  26. data/test/dummy/app/models/mongoid/omniauthable_fields.rb +2 -0
  27. data/test/dummy/app/models/mongoid/paranoid_verification_fields.rb +2 -0
  28. data/test/dummy/app/models/mongoid/password_archivable_fields.rb +2 -0
  29. data/test/dummy/app/models/mongoid/password_expirable_fields.rb +2 -0
  30. data/test/dummy/app/models/mongoid/recoverable_fields.rb +2 -0
  31. data/test/dummy/app/models/mongoid/registerable_fields.rb +4 -2
  32. data/test/dummy/app/models/mongoid/rememberable_fields.rb +2 -0
  33. data/test/dummy/app/models/mongoid/secure_validatable_fields.rb +2 -0
  34. data/test/dummy/app/models/mongoid/security_questionable_fields.rb +2 -0
  35. data/test/dummy/app/models/mongoid/session_limitable_fields.rb +2 -0
  36. data/test/dummy/app/models/mongoid/timeoutable_fields.rb +2 -0
  37. data/test/dummy/app/models/mongoid/trackable_fields.rb +2 -0
  38. data/test/dummy/app/models/mongoid/validatable_fields.rb +2 -0
  39. data/test/dummy/app/models/paranoid_verification_user.rb +26 -0
  40. data/test/dummy/app/models/password_expired_user.rb +26 -0
  41. data/test/dummy/app/models/user.rb +1 -2
  42. data/test/dummy/app/models/widget.rb +1 -3
  43. data/test/dummy/app/mongoid/one_user.rb +5 -5
  44. data/test/dummy/app/mongoid/user_on_engine.rb +2 -2
  45. data/test/dummy/app/mongoid/user_on_main_app.rb +2 -2
  46. data/test/dummy/app/mongoid/user_with_validations.rb +3 -3
  47. data/test/dummy/app/mongoid/user_without_email.rb +3 -3
  48. data/test/dummy/config/application.rb +4 -4
  49. data/test/dummy/config/boot.rb +1 -1
  50. data/test/dummy/config/environment.rb +1 -1
  51. data/test/dummy/config/locales/en.yml +10 -0
  52. data/test/dummy/config/routes.rb +2 -0
  53. data/test/dummy/db/migrate/20120508165529_create_tables.rb +3 -3
  54. data/test/dummy/lib/shared_expirable_columns.rb +1 -0
  55. data/test/dummy/lib/shared_security_questions_fields.rb +1 -0
  56. data/test/dummy/lib/shared_user.rb +17 -6
  57. data/test/dummy/lib/shared_user_without_email.rb +2 -1
  58. data/test/dummy/lib/shared_user_without_omniauth.rb +12 -3
  59. data/test/dummy/lib/shared_verification_fields.rb +1 -0
  60. data/test/dummy/log/development.log +0 -883
  61. data/test/dummy/log/test.log +95414 -15570
  62. data/test/integration/test_session_limitable_workflow.rb +2 -0
  63. data/test/orm/active_record.rb +7 -7
  64. data/test/test_compatibility.rb +2 -0
  65. data/test/test_complexity_validator.rb +246 -37
  66. data/test/test_database_authenticatable_patch.rb +146 -0
  67. data/test/test_helper.rb +7 -8
  68. data/test/test_install_generator.rb +1 -1
  69. data/test/test_paranoid_verification.rb +0 -1
  70. data/test/test_password_archivable.rb +34 -11
  71. data/test/test_password_expirable.rb +26 -26
  72. data/test/test_secure_validatable.rb +273 -107
  73. data/test/test_secure_validatable_overrides.rb +185 -0
  74. data/test/test_session_limitable.rb +2 -2
  75. data/test/tmp/config/initializers/{devise-security.rb → devise_security.rb} +3 -1
  76. data/test/tmp/config/locales/devise.security_extension.de.yml +2 -0
  77. data/test/tmp/config/locales/devise.security_extension.en.yml +2 -1
  78. data/test/tmp/config/locales/devise.security_extension.hi.yml +20 -20
  79. metadata +42 -19
  80. data/test/dummy/app/models/secure_user.rb +0 -9
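Review bot: The published gem still ships the dummy app's log files — `data/test/dummy/log/test.log` grows by 95,414 lines in this release while `data/test/dummy/log/development.log` is only now being dropped — together with generated `data/test/tmp/...` artifacts. Logs captured on the release machine can carry hostnames, file paths and request parameters, and they bloat every install; the gemspec `files` list should exclude `test/dummy/log/**` and `test/tmp/**` (or not package `test/` at all). The gemspec is not in this chunk, so this is inferred from the file list alone.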
@@ -1,11 +1,13 @@
1
- Dir[File.expand_path("*_fields.rb", __dir__)].each { |f| require_relative f }
1
+ # frozen_string_literal: true
2
+
3
+ Dir[File.expand_path('*_fields.rb', __dir__)].each { |f| require_relative f }
2
4
 
3
5
  module Mongoid
4
6
  module Mappings
5
7
  extend ::ActiveSupport::Concern
6
8
 
7
9
  included do
8
- self.devise_modules.each do |devise_module_name|
10
+ devise_modules.each do |devise_module_name|
9
11
  include "#{devise_module_name.to_s.classify}Fields".constantize
10
12
  end
11
13
  end
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module OmniauthableFields
2
4
  extend ::ActiveSupport::Concern
3
5
 
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module ParanoidVerificationFields
2
4
  extend ::ActiveSupport::Concern
3
5
 
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module PasswordArchivableFields
2
4
  extend ::ActiveSupport::Concern
3
5
 
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module PasswordExpirableFields
2
4
  extend ::ActiveSupport::Concern
3
5
 
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module RecoverableFields
2
4
  extend ::ActiveSupport::Concern
3
5
 
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module RegisterableFields
2
4
  extend ::ActiveSupport::Concern
3
5
 
@@ -5,10 +7,10 @@ module RegisterableFields
5
7
  include Mongoid::Document
6
8
 
7
9
  ## Database authenticatable
8
- field :email, type: String, default: ""
10
+ field :email, type: String, default: ''
9
11
  validates_presence_of :email
10
12
 
11
- field :encrypted_password, type: String, default: ""
13
+ field :encrypted_password, type: String, default: ''
12
14
  validates_presence_of :encrypted_password
13
15
 
14
16
  field :password_changed_at, type: Time
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module RememberableFields
2
4
  extend ::ActiveSupport::Concern
3
5
 
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module SecureValidatableFields
2
4
  extend ::ActiveSupport::Concern
3
5
 
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module SecurityQuestionableFields
2
4
  extend ::ActiveSupport::Concern
3
5
 
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module SessionLimitableFields
2
4
  extend ::ActiveSupport::Concern
3
5
 
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module TimeoutableFields
2
4
  extend ::ActiveSupport::Concern
3
5
 
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module TrackableFields
2
4
  extend ::ActiveSupport::Concern
3
5
 
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module ValidatableFields
2
4
  extend ::ActiveSupport::Concern
3
5
 
@@ -0,0 +1,26 @@
1
+ # frozen_string_literal: true
2
+
3
+ class ParanoidVerificationUser < ApplicationUserRecord
4
+ devise :database_authenticatable,
5
+ :confirmable,
6
+ :expirable,
7
+ :lockable,
8
+ :omniauthable,
9
+ :paranoid_verification,
10
+ :password_archivable,
11
+ :password_expirable,
12
+ :recoverable,
13
+ :registerable,
14
+ :rememberable,
15
+ :secure_validatable,
16
+ :security_questionable,
17
+ :session_limitable,
18
+ :timeoutable,
19
+ :trackable,
20
+ :validatable
21
+
22
+ if DEVISE_ORM == :mongoid
23
+ require './test/dummy/app/models/mongoid/mappings'
24
+ include ::Mongoid::Mappings
25
+ end
26
+ end
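Review bot: `require './test/dummy/app/models/mongoid/mappings'` on line 23 resolves against the process working directory rather than this file, so the fixture only loads under Mongoid when the suite is started from the repository root; `require_relative 'mongoid/mappings'` would make it location-independent. The same pattern already exists in `User` (visible in the `@@ -25,7 +24,7 @@` hunk below), so if it is kept for consistency a comment saying the path is CWD-relative by design would help the next reader. A header comment such as `# Test fixture: enables every devise-security module so the controller tests can exercise paranoid verification end-to-end` would also explain why this model pulls in all seventeen modules.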
@@ -0,0 +1,26 @@
1
+ # frozen_string_literal: true
2
+
3
+ class PasswordExpiredUser < ApplicationUserRecord
4
+ devise :database_authenticatable,
5
+ :confirmable,
6
+ :expirable,
7
+ :lockable,
8
+ :omniauthable,
9
+ :paranoid_verification,
10
+ :password_archivable,
11
+ :password_expirable,
12
+ :recoverable,
13
+ :registerable,
14
+ :rememberable,
15
+ :secure_validatable,
16
+ :security_questionable,
17
+ :session_limitable,
18
+ :timeoutable,
19
+ :trackable,
20
+ :validatable
21
+
22
+ if DEVISE_ORM == :mongoid
23
+ require './test/dummy/app/models/mongoid/mappings'
24
+ include ::Mongoid::Mappings
25
+ end
26
+ end
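Review bot: This model repeats the full seventeen-module `devise` list already declared in `ParanoidVerificationUser` and, from the `User` hunk below, in `User` as well; three copies will drift the next time a module is added or its options change. Unless the controller tests need the lists to differ, extracting them into a shared concern (e.g. `include AllDeviseModules`) would keep the fixtures in sync. The `require './test/dummy/app/models/mongoid/mappings'` on line 23 is CWD-relative, as in the sibling model.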
@@ -1,7 +1,6 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  class User < ApplicationRecord
4
-
5
4
  devise :database_authenticatable,
6
5
  :confirmable,
7
6
  :expirable,
@@ -25,7 +24,7 @@ class User < ApplicationRecord
25
24
  if DEVISE_ORM == :mongoid
26
25
  require './test/dummy/app/models/mongoid/mappings'
27
26
  include ::Mongoid::Mappings
28
-
27
+
29
28
  def some_method_calling_mongoid
30
29
  Mongoid.logger
31
30
  end
@@ -4,7 +4,5 @@ class Widget < ApplicationRecord
4
4
  belongs_to :user
5
5
  validates_associated :user
6
6
 
7
- if DEVISE_ORM == :mongoid
8
- field :name, type: String
9
- end
7
+ field :name, type: String if DEVISE_ORM == :mongoid
10
8
  end
@@ -11,16 +11,16 @@ class OneUser
11
11
  field :password_changed_at, type: Time
12
12
  index({ password_changed_at: 1 }, {})
13
13
 
14
- #field :paranoid_verification_code, type: String
15
- #field :paranoid_verified_at, type: Time
16
- #field :paranoid_verification_attempt, type: Integer, default: 0
14
+ field :paranoid_verification_code, type: String
15
+ field :paranoid_verified_at, type: Time
16
+ field :paranoid_verification_attempt, type: Integer, default: 0
17
17
 
18
18
  field :username, type: String
19
19
  field :facebook_token, type: String
20
20
 
21
21
  ## Database authenticatable
22
- field :email, type: String, default: ""
23
- field :encrypted_password, type: String, default: ""
22
+ field :email, type: String, default: ''
23
+ field :encrypted_password, type: String, default: ''
24
24
 
25
25
  ## Recoverable
26
26
  field :reset_password_token, type: String
@@ -11,8 +11,8 @@ class UserOnEngine
11
11
  field :facebook_token, type: String
12
12
 
13
13
  ## Database authenticatable
14
- field :email, type: String, default: ""
15
- field :encrypted_password, type: String, default: ""
14
+ field :email, type: String, default: ''
15
+ field :encrypted_password, type: String, default: ''
16
16
 
17
17
  ## Recoverable
18
18
  field :reset_password_token, type: String
@@ -11,8 +11,8 @@ class UserOnMainApp
11
11
  field :facebook_token, type: String
12
12
 
13
13
  ## Database authenticatable
14
- field :email, type: String, default: ""
15
- field :encrypted_password, type: String, default: ""
14
+ field :email, type: String, default: ''
15
+ field :encrypted_password, type: String, default: ''
16
16
 
17
17
  ## Recoverable
18
18
  field :reset_password_token, type: String
@@ -1,6 +1,6 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- require "shared_user"
3
+ require 'shared_user'
4
4
 
5
5
  class UserWithValidations
6
6
  include Mongoid::Document
@@ -11,8 +11,8 @@ class UserWithValidations
11
11
  field :facebook_token, type: String
12
12
 
13
13
  ## Database authenticatable
14
- field :email, type: String, default: ""
15
- field :encrypted_password, type: String, default: ""
14
+ field :email, type: String, default: ''
15
+ field :encrypted_password, type: String, default: ''
16
16
 
17
17
  ## Recoverable
18
18
  field :reset_password_token, type: String
@@ -1,6 +1,6 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- require "shared_user_without_email"
3
+ require 'shared_user_without_email'
4
4
 
5
5
  class UserWithoutEmail
6
6
  include Mongoid::Document
@@ -11,8 +11,8 @@ class UserWithoutEmail
11
11
  field :facebook_token, type: String
12
12
 
13
13
  ## Database authenticatable
14
- field :email, type: String, default: ""
15
- field :encrypted_password, type: String, default: ""
14
+ field :email, type: String, default: ''
15
+ field :encrypted_password, type: String, default: ''
16
16
 
17
17
  ## Recoverable
18
18
  field :reset_password_token, type: String
@@ -1,10 +1,10 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- require File.expand_path('../boot', __FILE__)
3
+ require File.expand_path('boot', __dir__)
4
4
 
5
5
  require 'action_mailer/railtie'
6
- require "action_mailer/railtie"
7
- require "rails/test_unit/railtie"
6
+ require 'action_mailer/railtie'
7
+ require 'rails/test_unit/railtie'
8
8
  DEVISE_ORM = ENV.fetch('DEVISE_ORM', 'active_record').to_sym
9
9
 
10
10
  Bundler.require :default, DEVISE_ORM
@@ -25,6 +25,6 @@ module RailsApp
25
25
  config.assets.enabled = true
26
26
 
27
27
  config.assets.version = '1.0'
28
- config.secret_key_base = 'fuuuuuuuuuuu'
28
+ config.secret_key_base = 'foobar'
29
29
  end
30
30
  end
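Review bot: `require 'action_mailer/railtie'` now appears twice on the new side (lines 5 and 6) — the hunk replaced the double-quoted duplicate with a single-quoted one instead of dropping it; `require` is idempotent so nothing breaks, but the second line should be removed. Separately, `config.secret_key_base = 'foobar'` is a hard-coded, trivially guessable secret; that is acceptable only because this is the test dummy app, and a comment such as `# Dummy app only: a fixed secret_key_base keeps test sessions deterministic — never copy this into a real config` would stop it being cargo-culted. The rest of the application config sits outside these two hunks.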
@@ -3,6 +3,6 @@
3
3
  require 'rubygems'
4
4
 
5
5
  # Set up gems listed in the Gemfile.
6
- ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__)
6
+ ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../Gemfile', __dir__)
7
7
 
8
8
  require 'bundler/setup' if File.exist?(ENV['BUNDLE_GEMFILE'])
@@ -1,7 +1,7 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  # Load the rails application
4
- require File.expand_path('../application', __FILE__)
4
+ require File.expand_path('application', __dir__)
5
5
 
6
6
  # Initialize the rails application
7
7
  RailsApp::Application.initialize!
@@ -0,0 +1,10 @@
1
+ en:
2
+ errors:
3
+ messages:
4
+ password_complexity:
5
+ letter:
6
+ one: must contain at least one letter
7
+ other: must contain at least %{count} letters
8
+ alnum:
9
+ one: must contain at least one letter or number
10
+ other: must contain at least %{count} letters or numbers
@@ -4,6 +4,8 @@ RailsApp::Application.routes.draw do
4
4
  devise_for :users
5
5
 
6
6
  devise_for :captcha_users, only: [:sessions], controllers: { sessions: 'captcha/sessions' }
7
+ devise_for :password_expired_users, only: [:password_expired], controllers: { password_expired: 'overrides/password_expired' }
8
+ devise_for :paranoid_verification_users, only: [:verification_code], controllers: { paranoid_verification_code: 'overrides/paranoid_verification_code' }
7
9
  devise_for :security_question_users, only: [:sessions, :unlocks], controllers: { unlocks: 'security_question/unlocks' }
8
10
 
9
11
  resources :foos
@@ -33,10 +33,10 @@ class CreateTables < MIGRATION_CLASS
33
33
  end
34
34
 
35
35
  create_table :old_passwords do |t|
36
- t.string :encrypted_password, :null => false
36
+ t.string :encrypted_password, null: false
37
37
  t.string :password_salt
38
- t.string :password_archivable_type, :null => false
39
- t.integer :password_archivable_id, :null => false
38
+ t.string :password_archivable_type, null: false
39
+ t.integer :password_archivable_id, null: false
40
40
  t.datetime :created_at
41
41
  end
42
42
  add_index :old_passwords, [:password_archivable_type, :password_archivable_id], name: 'index_password_archivable'
@@ -1,4 +1,5 @@
1
1
  # frozen_string_literal: true
2
+
2
3
  require 'shared_user'
3
4
 
4
5
  module SharedVerificationColumns
@@ -1,4 +1,5 @@
1
1
  # frozen_string_literal: true
2
+
2
3
  require 'shared_user'
3
4
 
4
5
  module SharedSecurityQuestionsFields
@@ -4,10 +4,21 @@ module SharedUser
4
4
  extend ActiveSupport::Concern
5
5
 
6
6
  included do
7
- devise :database_authenticatable, :confirmable, :lockable, :recoverable,
8
- :registerable, :rememberable, :timeoutable,
9
- :trackable, :secure_validatable, :omniauthable, :validatable, password_length: 7..72,
10
- reconfirmable: false
7
+ devise(
8
+ :database_authenticatable,
9
+ :confirmable,
10
+ :lockable,
11
+ :recoverable,
12
+ :registerable,
13
+ :rememberable,
14
+ :timeoutable,
15
+ :trackable,
16
+ :secure_validatable,
17
+ :omniauthable,
18
+ :validatable,
19
+ password_length: 7..72,
20
+ reconfirmable: false
21
+ )
11
22
 
12
23
  attr_accessor :other_key
13
24
 
@@ -22,8 +33,8 @@ module SharedUser
22
33
  module ExtendMethods
23
34
  def new_with_session(params, session)
24
35
  super.tap do |user|
25
- if data = session["devise.facebook_data"]
26
- user.email = data["email"]
36
+ if (data = session['devise.facebook_data'])
37
+ user.email = data['email']
27
38
  user.confirmed_at = Time.zone.now
28
39
  end
29
40
  end
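Review bot: `new_with_session` stamps `user.confirmed_at = Time.zone.now` whenever `session['devise.facebook_data']` is present, i.e. it treats OmniAuth session data as proof of address ownership and bypasses Devise's confirmable flow. That is fine for a test fixture, but nothing says so; a comment like `# Test fixture: pre-confirms users created from OmniAuth session data so the confirmable flow does not block the integration tests` above the `if` would make the intent explicit. The `ExtendMethods` module continues outside the hunk.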
@@ -21,8 +21,9 @@ module SharedUserWithoutEmail
21
21
  raise NoMethodError
22
22
  end
23
23
 
24
- def respond_to?(method_name, include_all=false)
24
+ def respond_to?(method_name, include_all = false)
25
25
  return false if method_name.to_sym == :email_changed?
26
+
26
27
  super(method_name, include_all)
27
28
  end
28
29
  end
@@ -4,9 +4,18 @@ module SharedUserWithoutOmniauth
4
4
  extend ActiveSupport::Concern
5
5
 
6
6
  included do
7
- devise :database_authenticatable, :confirmable, :lockable, :recoverable,
8
- :registerable, :rememberable, :timeoutable,
9
- :trackable, :validatable, reconfirmable: false
7
+ devise(
8
+ :database_authenticatable,
9
+ :confirmable,
10
+ :lockable,
11
+ :recoverable,
12
+ :registerable,
13
+ :rememberable,
14
+ :timeoutable,
15
+ :trackable,
16
+ :validatable,
17
+ reconfirmable: false
18
+ )
10
19
  end
11
20
 
12
21
  def raw_confirmation_token
@@ -1,4 +1,5 @@
1
1
  # frozen_string_literal: true
2
+
2
3
  require 'shared_user'
3
4
 
4
5
  module SharedVerificationFields