devise-security 0.16.0 → 0.17.0

data/test/test_secure_validatable_overrides.rb

@@ -0,0 +1,185 @@
+# frozen_string_literal: true
+
+require 'test_helper'
+
+class TestSecureValidatableOverrides < ActiveSupport::TestCase
+  class ::CustomClassPasswordValidator < DeviseSecurity::PasswordComplexityValidator
+    def patterns
+      super.merge(letter: /\p{Alpha}/)
+    end
+  end
+
+  class ::CustomInstancePasswordValidator < DeviseSecurity::PasswordComplexityValidator
+    # Add a pattern for alphanumeric characters. See
+    # [en.yml](file:///./test/dummy/config/locales/en.yml) for translations used in
+    # tests.
+    def patterns
+      super.merge(alnum: /\p{Alnum}/)
+    end
+  end
+
+  class User < ApplicationRecord
+    devise :database_authenticatable, :secure_validatable
+    include ::Mongoid::Mappings if DEVISE_ORM == :mongoid
+  end
+
+  class ClassLevelOverrideUser < User
+    self.allow_passwords_equal_to_email = true
+    self.email_validation = false
+    self.password_complexity = { symbol: 1, letter: 1 }
+    self.password_complexity_validator = 'custom_class_password_validator'
+    self.password_length = 10..100
+  end
+
+  class InstanceLevelOverrideUser < ClassLevelOverrideUser
+    def allow_passwords_equal_to_email
+      true
+    end
+
+    def email_validation
+      false
+    end
+
+    def password_complexity
+      { symbol: 2, alnum: 1 }
+    end
+
+    def password_length
+      11..100
+    end
+
+    def password_complexity_validator
+      'CustomInstancePasswordValidator'
+    end
+  end
+
+  test 'email equal to password can be overridden at the class level' do
+    user = ClassLevelOverrideUser.new(
+      email: 'bob1!@microsoft.com',
+      password: 'bob1!@microsoft.com',
+      password_confirmation: 'bob1!@microsoft.com'
+    )
+
+    assert user.valid?
+  end
+
+  test 'email equal to password can be overridden at the instance level' do
+    user = InstanceLevelOverrideUser.new(
+      email: 'bob1!@microsoft.com',
+      password: 'bob1!@microsoft.com',
+      password_confirmation: 'bob1!@microsoft.com'
+    )
+
+    assert user.valid?
+  end
+
+  test 'email validation can be overridden at the class level' do
+    user = ClassLevelOverrideUser.new(
+      email: 'bob1!@f.com',
+      password: 'Pa3zZ1!!aaaaaa',
+      password_confirmation: 'Pa3zZ1!!aaaaaa'
+    )
+
+    assert user.valid?
+  end
+
+  test 'email validation can be overridden at the instance level' do
+    user = InstanceLevelOverrideUser.new(
+      email: 'bob1!@f.com',
+      password: 'Pa3zZ1!!aaaaaa',
+      password_confirmation: 'Pa3zZ1!!aaaaaa'
+    )
+
+    assert user.valid?
+  end
+
+  test 'password complexity can be overridden at the class level' do
+    user = ClassLevelOverrideUser.new(
+      email: 'bob@microsoft.com',
+      password: 'PASSwordddd',
+      password_confirmation: 'PASSwordddd'
+    )
+
+    assert user.invalid?
+    assert_equal(
+      ['Password must contain at least one punctuation mark or symbol'],
+      user.errors.full_messages
+    )
+  end
+
+  test 'password complexity can be overridden at the instance level' do
+    user = InstanceLevelOverrideUser.new(
+      email: 'bob@microsoft.com',
+      password: 'PASSwordddd',
+      password_confirmation: 'PASSwordddd'
+    )
+
+    assert user.invalid?
+    assert_equal(
+      ['Password must contain at least 2 punctuation marks or symbols'],
+      user.errors.full_messages
+    )
+  end
+
+  test 'password length can be overridden at the class level' do
+    user = ClassLevelOverrideUser.new(
+      email: 'bob@microsoft.com',
+      password: 'Pa3zZ1!',
+      password_confirmation: 'Pa3zZ1!'
+    )
+
+    assert user.invalid?
+    assert_equal(
+      ['Password is too short (minimum is 10 characters)'],
+      user.errors.full_messages
+    )
+  end
+
+  test 'password length can be overridden at the instance level' do
+    user = InstanceLevelOverrideUser.new(
+      email: 'bob@microsoft.com',
+      password: 'Pa3zZ1!!',
+      password_confirmation: 'Pa3zZ1!!'
+    )
+
+    assert user.invalid?
+    assert_equal(
+      ['Password is too short (minimum is 11 characters)'],
+      user.errors.full_messages
+    )
+  end
+
+  test 'password validator can be overridden at the instance level' do
+    password = '!' * 11 # 11 characters, all symbols
+    user = InstanceLevelOverrideUser.new(
+      email: 'bob@microsoft.com',
+      password: password,
+      password_confirmation: password
+    )
+
+    assert user.invalid?
+    # This validation error only occurs when the CustomInstancePasswordValidator
+    # is used.
+    assert_equal(
+      ['Password must contain at least one letter or number'],
+      user.errors.full_messages
+    )
+  end
+
+  test 'password validator can be overridden at the class level' do
+    password = '!' * 10 # 10 characters, all symbols
+    user = ClassLevelOverrideUser.new(
+      email: 'bob@microsoft.com',
+      password: password,
+      password_confirmation: password
+    )
+
+    assert user.invalid?
+    # This validation error only occurs when the CustomClassPasswordValidator
+    # is used.
+    assert_equal(
+      ['Password must contain at least one letter'],
+      user.errors.full_messages
+    )
+  end
+end

data/test/test_session_limitable.rb

@@ -18,7 +18,7 @@ class TestSessionLimitable < ActiveSupport::TestCase
     modified_user = ModifiedUser.create email: 'bob2@microsoft.com', password: 'password1', password_confirmation: 'password1'
     assert_equal(true, modified_user.skip_session_limitable?)
   end
-    
+
   class SessionLimitableUser < User
     devise :session_limitable
     include ::Mongoid::Mappings if DEVISE_ORM == :mongoid
@@ -51,7 +51,7 @@ class TestSessionLimitable < ActiveSupport::TestCase
 
   test '#update_unique_session_id!(value) raises an exception on an unpersisted record' do
     user = User.create
-    assert !user.persisted?
+    assert_not user.persisted?
     assert_raises(Devise::Models::Compatibility::NotPersistedError) { user.update_unique_session_id!('unique_value') }
   end
 end

data/test/tmp/config/initializers/{devise-security.rb → devise_security.rb}

@@ -7,7 +7,9 @@ Devise.setup do |config|
   # Should the password expire (e.g 3.months)
   # config.expire_password_after = false
 
-  # Need 1 char of A-Z, a-z and 0-9
+  # Need 1 char each of: A-Z, a-z, 0-9, and a punctuation mark or symbol
+  # You may use "digits" in place of "digit" and "symbols" in place of
+  # "symbol" based on your preference
   # config.password_complexity = { digit: 1, lower: 1, symbol: 1, upper: 1 }
 
   # How many passwords to keep in archive

data/test/tmp/config/locales/devise.security_extension.de.yml

@@ -19,8 +19,10 @@ de:
           other: muss mindestens %{count} Großbuchstaben enthalten
   devise:
     invalid_captcha: 'Die Captcha-Eingabe ist nicht gültig.'
+    invalid_security_question: 'Die Antwort auf die Sicherheitsfrage war ungültig.'
     paranoid_verify:
       code_required: 'Bitte geben Sie den Code ein, den unser Support-Team zur Verfügung gestellt hat.'
+    paranoid_verification_code:
       show:
         submit_verification_code: Bestätigungscode eingeben
         verification_code: Bestätigungscode

data/test/tmp/config/locales/devise.security_extension.en.yml

@@ -7,7 +7,7 @@ en:
       password_complexity:
         digit:
           one: must contain at least one digit
-          other: must contain at least %{count} numerals
+          other: must contain at least %{count} digits
         lower:
           one: must contain at least one lower-case letter
           other: must contain at least %{count} lower-case letters
@@ -23,6 +23,7 @@ en:
     paranoid_verify:
       code_required: 'Please enter the code our support team provided'
     paranoid_verification_code:
+      updated: Verification code accepted
       show:
         submit_verification_code: Submit verification code
         verification_code: Verification code

data/test/tmp/config/locales/devise.security_extension.hi.yml

@@ -2,41 +2,41 @@
 hi:
   errors:
     messages:
-      taken_in_past: यह पासवर्ड, आपके द्वारा पूर्व मे प्रयोग किया जा चुका है  
-      equal_to_current_password: नया पासवर्ड, वर्तमान पासवर्ड से भिन्न होना चाहिए 
+      taken_in_past: यह पासवर्ड, आपके द्वारा पूर्व मे प्रयोग किया जा चुका है
+      equal_to_current_password: नया पासवर्ड, वर्तमान पासवर्ड से भिन्न होना चाहिए
       equal_to_email: ईमेल से अलग होना चाहिए
       password_complexity:
         digit:
-          one: एक अंक होना चाहिए 
-          other: कम से कम %{count} अंक होने चाहिए  
+          one: एक अंक होना चाहिए
+          other: कम से कम %{count} अंक होने चाहिए
         lower:
-          one: एक लोअर-केस अक्षर होना चाहिए 
-          other: कम से कम %{count} अक्षर होने चाहिए  
+          one: एक लोअर-केस अक्षर होना चाहिए
+          other: कम से कम %{count} अक्षर होने चाहिए
         symbol:
-          one: एक चिन्ह होना चाहिए 
-          other: कम से कम %{count} चिन्ह होने चाहिए  
+          one: एक चिन्ह होना चाहिए
+          other: कम से कम %{count} चिन्ह होने चाहिए
         upper:
-          one: एक अपर-केस अक्षर होना चाहिए 
-          other: कम से कम %{count} अपर-केस अक्षर होने चाहिए  
+          one: एक अपर-केस अक्षर होना चाहिए
+          other: कम से कम %{count} अपर-केस अक्षर होने चाहिए
   devise:
     invalid_captcha: अमान्य कॅप्टचा
     invalid_security_question: अमान्य सुरक्षा उत्तर
     paranoid_verify:
-      code_required: सपोर्ट टीम द्वारा दिया गया कोड डाले 
+      code_required: सपोर्ट टीम द्वारा दिया गया कोड डाले
     paranoid_verification_code:
       show:
-        submit_verification_code: वेरिफिकेशन कोड डाले 
-        verification_code: वेरिफिकेशन कोड 
-        submit: सबमिट 
+        submit_verification_code: वेरिफिकेशन कोड डाले
+        verification_code: वेरिफिकेशन कोड
+        submit: सबमिट
     password_expired:
       updated: पासवर्ड अद्यतन किया गया
-      change_required: पासवर्ड अमान्य हो चुका, पासवर्ड बदले 
+      change_required: पासवर्ड अमान्य हो चुका, पासवर्ड बदले
       show:
-        renew_your_password: पासवर्ड बदले 
+        renew_your_password: पासवर्ड बदले
         current_password: वर्तमान पासवर्ड
-        new_password: नया पासवर्ड 
-        new_password_confirmation: नए पासवर्ड की पुष्टि करें 
-        change_my_password: पासवर्ड बदले 
+        new_password: नया पासवर्ड
+        new_password_confirmation: नए पासवर्ड की पुष्टि करें
+        change_my_password: पासवर्ड बदले
     failure:
-      session_limited: जानकारी, दूसरे ब्राउज़र में उपयोग की गयी थी जारी रखने फिर से साइन-इन करे 
+      session_limited: जानकारी, दूसरे ब्राउज़र में उपयोग की गयी थी जारी रखने फिर से साइन-इन करे
       expired: कोई गतिविधि न होने के कारण खाता बंद हो गया, सिस्टम व्यवस्थापक से संपर्क करें

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: devise-security
 version: !ruby/object:Gem::Version
-  version: 0.16.0
+  version: 0.17.0
 platform: ruby
 authors:
 - Marco Scholl
@@ -12,7 +12,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-05-03 00:00:00.000000000 Z
+date: 2021-12-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: devise
@@ -21,9 +21,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 4.3.0
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '5.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -31,9 +28,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 4.3.0
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '5.0'
 - !ruby/object:Gem::Dependency
   name: appraisal
   requirement: !ruby/object:Gem::Requirement
@@ -122,16 +116,16 @@ dependencies:
   name: omniauth
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "<"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 3.0.0
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "<"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 3.0.0
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: pry-byebug
   requirement: !ruby/object:Gem::Requirement
@@ -180,14 +174,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.80.0
+        version: 0.83.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.80.0
+        version: 0.83.0
 - !ruby/object:Gem::Dependency
   name: rubocop-rails
   requirement: !ruby/object:Gem::Requirement
@@ -230,6 +224,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: solargraph-arc
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: An enterprise security extension for devise.
 email: natebird@gmail.com
 executables: []
@@ -242,6 +250,7 @@ files:
 - app/controllers/devise/password_expired_controller.rb
 - app/views/devise/paranoid_verification_code/show.html.erb
 - app/views/devise/password_expired/show.html.erb
+- config/locales/bg.yml
 - config/locales/by.yml
 - config/locales/cs.yml
 - config/locales/de.yml
@@ -297,6 +306,7 @@ files:
 - lib/generators/devise_security/install_generator.rb
 - lib/generators/templates/devise_security.rb
 - test/controllers/test_captcha_controller.rb
+- test/controllers/test_paranoid_verification_code_controller.rb
 - test/controllers/test_password_expired_controller.rb
 - test/controllers/test_security_question_controller.rb
 - test/dummy/Rakefile
@@ -304,6 +314,8 @@ files:
 - test/dummy/app/controllers/application_controller.rb
 - test/dummy/app/controllers/captcha/sessions_controller.rb
 - test/dummy/app/controllers/foos_controller.rb
+- test/dummy/app/controllers/overrides/paranoid_verification_code_controller.rb
+- test/dummy/app/controllers/overrides/password_expired_controller.rb
 - test/dummy/app/controllers/security_question/unlocks_controller.rb
 - test/dummy/app/controllers/widgets_controller.rb
 - test/dummy/app/models/application_record.rb
@@ -327,7 +339,8 @@ files:
 - test/dummy/app/models/mongoid/timeoutable_fields.rb
 - test/dummy/app/models/mongoid/trackable_fields.rb
 - test/dummy/app/models/mongoid/validatable_fields.rb
-- test/dummy/app/models/secure_user.rb
+- test/dummy/app/models/paranoid_verification_user.rb
+- test/dummy/app/models/password_expired_user.rb
 - test/dummy/app/models/security_question_user.rb
 - test/dummy/app/models/user.rb
 - test/dummy/app/models/widget.rb
@@ -347,6 +360,7 @@ files:
 - test/dummy/config/environments/test.rb
 - test/dummy/config/initializers/devise.rb
 - test/dummy/config/initializers/migration_class.rb
+- test/dummy/config/locales/en.yml
 - test/dummy/config/mongoid.yml
 - test/dummy/config/routes.rb
 - test/dummy/config/secrets.yml
@@ -376,14 +390,16 @@ files:
 - test/support/mongoid.yml
 - test/test_compatibility.rb
 - test/test_complexity_validator.rb
+- test/test_database_authenticatable_patch.rb
 - test/test_helper.rb
 - test/test_install_generator.rb
 - test/test_paranoid_verification.rb
 - test/test_password_archivable.rb
 - test/test_password_expirable.rb
 - test/test_secure_validatable.rb
+- test/test_secure_validatable_overrides.rb
 - test/test_session_limitable.rb
-- test/tmp/config/initializers/devise-security.rb
+- test/tmp/config/initializers/devise_security.rb
 - test/tmp/config/locales/devise.security_extension.by.yml
 - test/tmp/config/locales/devise.security_extension.cs.yml
 - test/tmp/config/locales/devise.security_extension.de.yml
@@ -420,7 +436,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.9
+rubygems_version: 3.3.0
 signing_key:
 specification_version: 4
 summary: Security extension for devise
@@ -453,11 +469,14 @@ test_files:
 - test/dummy/app/models/mongoid/omniauthable_fields.rb
 - test/dummy/app/models/security_question_user.rb
 - test/dummy/app/models/application_user_record.rb
-- test/dummy/app/models/secure_user.rb
 - test/dummy/app/models/widget.rb
+- test/dummy/app/models/password_expired_user.rb
+- test/dummy/app/models/paranoid_verification_user.rb
 - test/dummy/app/models/application_record.rb
 - test/dummy/app/models/captcha_user.rb
 - test/dummy/app/models/user.rb
+- test/dummy/app/controllers/overrides/password_expired_controller.rb
+- test/dummy/app/controllers/overrides/paranoid_verification_code_controller.rb
 - test/dummy/app/controllers/application_controller.rb
 - test/dummy/app/controllers/captcha/sessions_controller.rb
 - test/dummy/app/controllers/foos_controller.rb
@@ -468,6 +487,7 @@ test_files:
 - test/dummy/config/secrets.yml
 - test/dummy/config/routes.rb
 - test/dummy/config/mongoid.yml
+- test/dummy/config/locales/en.yml
 - test/dummy/config/environments/test.rb
 - test/dummy/config/environment.rb
 - test/dummy/config/application.rb
@@ -496,9 +516,11 @@ test_files:
 - test/dummy/log/test.log
 - test/dummy/log/development.log
 - test/test_install_generator.rb
+- test/test_secure_validatable_overrides.rb
 - test/test_paranoid_verification.rb
 - test/integration/test_session_limitable_workflow.rb
 - test/integration/test_password_expirable_workflow.rb
+- test/test_database_authenticatable_patch.rb
 - test/test_secure_validatable.rb
 - test/test_session_limitable.rb
 - test/support/mongoid.yml
@@ -509,6 +531,7 @@ test_files:
 - test/test_compatibility.rb
 - test/test_password_expirable.rb
 - test/controllers/test_security_question_controller.rb
+- test/controllers/test_paranoid_verification_code_controller.rb
 - test/controllers/test_captcha_controller.rb
 - test/controllers/test_password_expired_controller.rb
 - test/tmp/config/locales/devise.security_extension.by.yml
@@ -528,5 +551,5 @@ test_files:
 - test/tmp/config/locales/devise.security_extension.uk.yml
 - test/tmp/config/locales/devise.security_extension.zh_TW.yml
 - test/tmp/config/locales/devise.security_extension.cs.yml
-- test/tmp/config/initializers/devise-security.rb
+- test/tmp/config/initializers/devise_security.rb
 - test/test_complexity_validator.rb

data/test/dummy/app/models/secure_user.rb

@@ -1,9 +0,0 @@
-# frozen_string_literal: true
-
-class SecureUser < ApplicationUserRecord
-  devise :database_authenticatable, :secure_validatable, email_validation: false
-  if DEVISE_ORM == :mongoid
-    require './test/dummy/app/models/mongoid/mappings'
-    include ::Mongoid::Mappings
-  end
-end