devise-security 0.16.0 → 0.18.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1d065158ce85c823918ca0fb7ad40382ca9957f7c5e0847e1fec86e1eaed0ffb
-  data.tar.gz: fa07606b583076da6b68ceeddf70f74f80c05f3adf752a057b8f935c9af68fb6
+  metadata.gz: 30c17693a3331769b786cf6925dcce0b62087a894960309ad316189613b62291
+  data.tar.gz: defa2b29a2d67e7615062ab6bea7518b37b6f24ed4735016a4fca4ef860ffbd0
 SHA512:
-  metadata.gz: 7f18a70374b20c80908006811184fc4757c4f678e11ff226d60b78ff0a3c1cf2612382185911b23692c6c7ed1553914f1361ab1243948ad1e1ff3ac91fdb5ab7
-  data.tar.gz: 68e392e9f0049659ad62977a0bb31910d4942b26ab24fab11b28e1e875286f2b48e9da20dd952f94bc4ac8350b1cd5199d9984e431d4664c865544a095b274b8
+  metadata.gz: 54fa56d5e200c73e329d1f07eb1845ce2be695ffb4afa20f475d624fb6615f1583a161c8eec8fa5f84643b957a0d9e4d4d653d5f5071f7b73784bf843a520a70
+  data.tar.gz: 891fcf2b29571ee6fca9d667ddbc211cf27a5ba64e6048b33d3f63a6f395e02ef88d51a6c35da3bfe761b42c04bf1a57e118ae9bb46ebb22212eb85f9a0b3179

data/LICENSE.txt

@@ -1,4 +1,6 @@
-Copyright (c) 2011 Marco Scholl
+Copyright (c) 2017-2022 Dillon Welch & Kevin Olbrich.
+
+Copyright (c) 2011-2017 Marco Scholl
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/README.md

@@ -1,6 +1,6 @@
 # Devise Security
 
-[![Build Status](https://travis-ci.org/devise-security/devise-security.svg?branch=master)](https://travis-ci.org/devise-security/devise-security)
+[![Build Status](https://github.com/devise-security/devise-security/actions/workflows/test_suite.yml/badge.svg?branch=master)](https://github.com/devise-security/devise-security/actions/workflows/test_suite.yml)
 [![Coverage Status](https://coveralls.io/repos/github/devise-security/devise-security/badge.svg?branch=master)](https://coveralls.io/github/devise-security/devise-security?branch=master)
 [![Maintainability](https://api.codeclimate.com/v1/badges/ace7cd003a0db8bffa5a/maintainability)](https://codeclimate.com/github/devise-security/devise-security/maintainability)
 
@@ -37,7 +37,7 @@ automated mass creation and brute forcing of accounts harder)
 
 ## Getting started
 
-Devise Security works with Devise on Rails >= 5.0. You can add it to your
+Devise Security works with Devise on Rails >= 5.2. You can add it to your
 Gemfile after you successfully set up Devise (see
 [Devise documentation](https://github.com/heartcombo/devise)) with:
 
@@ -89,6 +89,8 @@ Devise.setup do |config|
   # config.expire_password_after = 3.months | true | false
 
   # Need 1 char each of: A-Z, a-z, 0-9, and a punctuation mark or symbol
+  # You may use "digits" in place of "digit" and "symbols" in place of
+  # "symbol" based on your preference
   # config.password_complexity = { digit: 1, lower: 1, symbol: 1, upper: 1 }
 
   # Number of old passwords in archive
@@ -127,6 +129,9 @@ Devise.setup do |config|
 
   # Allow passwords to be equal to email (false, true)
   # config.allow_passwords_equal_to_email = false
+
+  # paranoid_verification will regenerate verification code after failed attempt
+  # config.paranoid_code_regenerate_after_attempt = 10
 end
 ```
 
@@ -321,7 +326,7 @@ end
 ## Requirements
 
 - Devise (<https://github.com/heartcombo/devise>)
-- Rails 5.0 onwards (<http://github.com/rails/rails>)
+- Rails 5.2 onwards (<http://github.com/rails/rails>)
 - recommendations:
   - `autocomplete-off` (<http://github.com/phatworx/autocomplete-off>)
   - `easy_captcha` (<http://github.com/phatworx/easy_captcha>)
@@ -375,17 +380,23 @@ Standard tests can be invoked using `rake`. To run the tests against the
 
 ## Maintenance Policy
 
-We are committed to maintain support for `devise-security` for all normal or
+We are committed to maintaining support for `devise-security` for all normal or
 security maintenance versions of the Ruby language
 [as listed here](https://www.ruby-lang.org/en/downloads/branches/), and for the
 Ruby on Rails framework
 [as per their maintenance policy](https://rubyonrails.org/maintenance/).
 
-In order to avoid introducing bugs caused by backwardly incompatible Ruby
+To avoid introducing bugs caused by backwardly incompatible Ruby
 language features, it is highly recommended that all development work be done
-using the oldest supported ruby version. The contents of the `.ruby-version`
+using the oldest supported Ruby version. The contents of the `.ruby-version`
 file should reflect this.
 
 ## Copyright
 
-Copyright (c) 2011-2017 Marco Scholl. See LICENSE.txt for further details.
+Copyright (c) 2017-2023 Dillon Welch & Kevin Olbrich.
+
+Copyright (c) 2011-2017 Marco Scholl as the project [`devise_security_extension`](https://github.com/phatworx/devise_security_extension).
+
+This repo was created as a fork from [b2ee978a](https://github.com/phatworx/devise_security_extension/commit/b2ee978af7d49f0fb0e7271c6ac074dfb4d39353).
+
+See LICENSE.txt for further details.

data/app/controllers/devise/paranoid_verification_code_controller.rb

@@ -1,15 +1,13 @@
 # frozen_string_literal: true
 
 class Devise::ParanoidVerificationCodeController < DeviseController
+  before_action :verify_requested_format!
   skip_before_action :handle_paranoid_verification
-  prepend_before_action :authenticate_scope!, only: [:show, :update]
+  before_action :skip_paranoid_verification, only: %i[show update]
+  prepend_before_action :authenticate_scope!, only: %i[show update]
 
   def show
-    if !resource.nil? && resource.need_paranoid_verification?
-      respond_with(resource)
-    else
-      redirect_to :root
-    end
+    respond_with(resource)
   end
 
   def update
@@ -17,20 +15,36 @@ class Devise::ParanoidVerificationCodeController < DeviseController
       warden.session(scope)['paranoid_verify'] = false
       set_flash_message :notice, :updated
       bypass_sign_in resource, scope: scope
-      redirect_to stored_location_for(scope) || :root
+      respond_with({}, location: after_paranoid_verification_code_update_path_for(resource))
     else
       respond_with(resource, action: :show)
     end
   end
 
+  # Allows you to customize where the user is redirected to after the update action
+  # successfully completes.
+  #
+  # Defaults to the request's original path, and then `root` if that is `nil`.
+  #
+  # @param resource [ActiveModel::Model] Devise `resource` model for logged in user.
+  #
+  # @return [String, Symbol] The path that the user will be redirected to.
+  def after_paranoid_verification_code_update_path_for(_resource)
+    stored_location_for(scope) || :root
+  end
+
   private
 
+  def skip_paranoid_verification
+    return if !resource.nil? && resource.need_paranoid_verification?
+
+    redirect_to :root
+  end
+
   def resource_params
-    if params.respond_to?(:permit)
-      params.require(resource_name).permit(:paranoid_verification_code)
-    else
-      params[scope].slice(:paranoid_verification_code)
-    end
+    permitted_params = %i[paranoid_verification_code]
+
+    params.require(resource_name).permit(*permitted_params)
   end
 
   def scope

data/app/controllers/devise/password_expired_controller.rb

@@ -3,8 +3,8 @@
 class Devise::PasswordExpiredController < DeviseController
   before_action :verify_requested_format!
   skip_before_action :handle_password_change
-  before_action :skip_password_change, only: [:show, :update]
-  prepend_before_action :authenticate_scope!, only: [:show, :update]
+  before_action :skip_password_change, only: %i[show update]
+  prepend_before_action :authenticate_scope!, only: %i[show update]
 
   def show
     respond_with(resource)
@@ -20,26 +20,43 @@ class Devise::PasswordExpiredController < DeviseController
   # @see https://github.com/devise-security/devise-security/pull/111
   def update
     resource.extend(Devise::Models::DatabaseAuthenticatablePatch)
-    if resource.update_with_password(resource_params)
+    resource.update_with_password(resource_params)
+
+    yield resource if block_given?
+
+    if resource.errors.empty?
       warden.session(scope)['password_expired'] = false
       set_flash_message :notice, :updated
       bypass_sign_in resource, scope: scope
-      respond_with({}, location: stored_location_for(scope) || :root)
+      respond_with({}, location: after_password_expired_update_path_for(resource))
     else
       clean_up_passwords(resource)
       respond_with(resource, action: :show)
     end
   end
 
+  # Allows you to customize where the user is sent to after the update action
+  # successfully completes.
+  #
+  # Defaults to the request's original path, and then `root` if that is `nil`.
+  #
+  # @param resource [ActiveModel::Model] Devise `resource` model for logged in user.
+  #
+  # @return [String, Symbol] The path that the user will be sent to.
+  def after_password_expired_update_path_for(_resource)
+    stored_location_for(scope) || :root
+  end
+
   private
 
   def skip_password_change
     return if !resource.nil? && resource.need_change_password?
+
     redirect_to :root
   end
 
   def resource_params
-    permitted_params = [:current_password, :password, :password_confirmation]
+    permitted_params = %i[current_password password password_confirmation]
 
     params.require(resource_name).permit(*permitted_params)
   end

data/config/locales/bg.yml

@@ -0,0 +1,42 @@
+bg:
+  errors:
+    messages:
+      taken_in_past: 'е използвана и преди.'
+      equal_to_current_password: 'трябва да е различна от настоящата парола.'
+      equal_to_email: 'трябва да е различна от e-mail адреса.'
+      password_complexity:
+        digit:
+          one: трябва да съдържа поне една цифра
+          other: трябва да съдържа %{count} цифри
+        lower:
+          one: трябва да съдържа поне една малка буква
+          other: трябва да съдържа поне %{count} малки букви
+        symbol:
+          one: трябва да съдържа поне един пунктоационен знак или символ
+          other: трябва да съдържа поне %{count} пунктоационни знака или символи
+        upper:
+          one: трябва да съдържа поне една главна буква
+          other: трябва да съдържа поне %{count} главни букви
+  devise:
+    invalid_captcha: 'Кодът е грешен.'
+    invalid_security_question: 'Отговора на тайния въпрос е грешен.'
+    paranoid_verify:
+      code_required: 'Моля въведете кода, който нашия екип по поддръжката Ви е предоставил'
+    paranoid_verification_code:
+      updated: Кодът за потвърждение е приет
+      show:
+        submit_verification_code: Изпрати код за потвърждение
+        verification_code: Код за потвърждение
+        submit: Изпрати
+    password_expired:
+      updated: 'Вашата нова парола е запазена.'
+      change_required: 'Вашата парола е изтекла. Моля подновете паролата си.'
+      show:
+        renew_your_password: Подновете паролата си
+        current_password: Настояща парола
+        new_password: Нова парола
+        new_password_confirmation: Потвърждение на нова парола
+        change_my_password: Промени паролата ми
+    failure:
+      session_limited: 'Вашето потребителско име и парола са използвани в друг браузър. Моля влезте отново за да продължите в този браузър.'
+      expired: 'Вашия акаунт е затворен поради неактивност. Моля свържете се с администратор.'

data/config/locales/by.yml

@@ -31,6 +31,7 @@ by:
     paranoid_verify:
       code_required: 'Калі ласка, увядзіце код, атрыманы ад нашай каманды падтрымкі'
     paranoid_verification_code:
+      updated: Код спраўджання прыняты
       show:
         submit_verification_code: 'Увод кода пацверджання'
         verification_code: 'Код пацверджання'

data/config/locales/cs.yml

@@ -7,15 +7,19 @@ cs:
       password_complexity:
         digit:
           one: musí obsahovat alespoň jednu číslici
+          few: musí obsahovat alespoň %{count} číslice
           other: musí obsahovat alespoň %{count} číslice
         lower:
           one: musí obsahovat alespoň jedno malé písmeno
+          few: musí obsahovat alespoň %{count} malé písmena
           other: musí obsahovat alespoň %{count} malé písmena
         symbol:
           one: musí obsahovat alespoň jedno interpunkční znaménko nebo symbol
+          few: musí obsahovat alespoň %{count} interpunkční znaménka nebo symboly
           other: musí obsahovat alespoň %{count} interpunkční znaménka nebo symboly
         upper:
           one: musí obsahovat alespoň jedno velké písmeno
+          few: musí obsahovat alespoň %{count} velké písmena
           other: musí obsahovat alespoň %{count} velké písmena
   devise:
     invalid_captcha: Chybná captcha.
@@ -23,6 +27,7 @@ cs:
     paranoid_verify:
       code_required: Zadejte kód, který poskytla naše podpora
     paranoid_verification_code:
+      updated: Ověřovací kód přijat
       show:
         submit_verification_code: Odeslat ověřovací kód
         verification_code: Ověřovací kód

data/config/locales/de.yml

@@ -19,8 +19,11 @@ de:
           other: muss mindestens %{count} Großbuchstaben enthalten
   devise:
     invalid_captcha: 'Die Captcha-Eingabe ist nicht gültig.'
+    invalid_security_question: 'Die Antwort auf die Sicherheitsfrage war ungültig.'
     paranoid_verify:
       code_required: 'Bitte geben Sie den Code ein, den unser Support-Team zur Verfügung gestellt hat.'
+    paranoid_verification_code:
+      updated: Bestätigungscode akzeptiert
       show:
         submit_verification_code: Bestätigungscode eingeben
         verification_code: Bestätigungscode

data/config/locales/en.yml

@@ -7,7 +7,7 @@ en:
       password_complexity:
         digit:
           one: must contain at least one digit
-          other: must contain at least %{count} numerals
+          other: must contain at least %{count} digits
         lower:
           one: must contain at least one lower-case letter
           other: must contain at least %{count} lower-case letters
@@ -23,6 +23,7 @@ en:
     paranoid_verify:
       code_required: 'Please enter the code our support team provided'
     paranoid_verification_code:
+      updated: Verification code accepted
       show:
         submit_verification_code: Submit verification code
         verification_code: Verification code

data/config/locales/es.yml

@@ -22,9 +22,21 @@ es:
     invalid_security_question: 'La respuesta a la pregunta de seguridad fue incorrecta.'
     paranoid_verify:
       code_required: 'Por favor ingrese el código provisto por nuestro equipo de soporte'
+    paranoid_verification_code:
+      updated: Se acepta el código de verificación
+      show:
+        submit_verification_code: Envíe el código de verificación
+        verification_code: Código de verificación
+        submit: Entregar
     password_expired:
       updated: 'Su nueva contraseña ha sido guardada.'
       change_required: 'Su contraseña ha expirado. Por favor renueve su contraseña.'
+      show:
+        renew_your_password: Renueve su contraseña
+        current_password: Actual contraseña
+        new_password: Nueva contraseña
+        new_password_confirmation: Confirmar nueva contraseña
+        change_my_password: Cambiar mi contraseña
     failure:
       session_limited: 'Sus credenciales de inicio de sesión fueron usadas en otro navegador. Por favor inicie sesión nuevamente para continuar en este navegador.'
       expired: 'Su cuenta ha expirado debido a inactividad. Por favor contacte al administrador de la aplicación.'

data/config/locales/fa.yml

@@ -23,6 +23,7 @@ fa:
     paranoid_verify:
       code_required: 'لطفاً کدی را که تیم پشتیبانی ما ارائه کرده است وارد کنید'
     paranoid_verification_code:
+      updated: کد تأیید پذیرفته شد
       show:
         submit_verification_code: ارسال کد تاییدیه
         verification_code: کد تاییدیه

data/config/locales/fr.yml

@@ -9,8 +9,8 @@ fr:
           one: doit contenir au moins un chiffre
           other: doit contenir au moins %{count} chiffres
         lower:
-          one: doit contenir au moins une lettre miniscule
-          other: doit contenir au moins %{count} lettres miniscules
+          one: doit contenir au moins une lettre minuscule
+          other: doit contenir au moins %{count} lettres minuscules
         symbol:
           one: doit contenir au moins un signe de ponctuation
           other: doit contenir au moins %{count} signes de ponctuation
@@ -22,9 +22,21 @@ fr:
     invalid_security_question: La réponse à la question de sécurité est invalide
     paranoid_verify:
       code_required: Veuillez entrer le code fourni par notre équipe de support
+    paranoid_verification_code:
+      updated: Code de vérification accepté
+      show:
+        submit_verification_code: Soumettre le code de vérification
+        verification_code: Code de vérification
+        submit: Soumettre
     password_expired:
       updated: Votre nouveau mot de passe est enregistré
       change_required: Votre mot de passe a expiré. Veuillez en choisir un autre
+      show:
+        renew_your_password: Renouveler votre mot de passe
+        current_password: Mot de passe actuel
+        new_password: Nouveau mot de passe
+        new_password_confirmation: Confirmer le nouveau mot de passe
+        change_my_password: Changer mon mot de passe
     failure:
       session_limited: Vos identifiants de connexion ont été utilisés dans un autre navigateur. Veuillez vous reconnecter pour continuer dans ce navigateur
       expired: Votre compte a expiré pour cause d'inactivité. Veuillez contacter l'administrateur du site

data/config/locales/hi.yml

@@ -24,6 +24,7 @@ hi:
     paranoid_verify:
       code_required: सपोर्ट टीम द्वारा दिया गया कोड डाले
     paranoid_verification_code:
+      updated: सत्यापन कोड स्वीकार किया गया
       show:
         submit_verification_code: वेरिफिकेशन कोड डाले
         verification_code: वेरिफिकेशन कोड

data/config/locales/it.yml

@@ -23,6 +23,7 @@ it:
     paranoid_verify:
       code_required: 'Inserisci il codice fornito dal nostro team di supporto'
     paranoid_verification_code:
+      updated: Codice di verifica accettato
       show:
         submit_verification_code: Invia codice di verifica
         verification_code: Codice di verifica

data/config/locales/ja.yml

@@ -22,9 +22,21 @@ ja:
     invalid_security_question: 'セキュリティ質問に対する回答が不正です。'
     paranoid_verify:
       code_required: 'サポートチームに提供された認証コードを入力してください。'
+    paranoid_verification_code:
+      updated: 確認コードを受け入れました
+      show:
+        submit_verification_code: 確認コードを送信する
+        verification_code: 検証コード
+        submit: 参加する
     password_expired:
       updated: '新しいパスワードが保存されました。'
       change_required: 'パスワードが期限切れです。パスワードを新しく設定してください。'
+      show:
+        renew_your_password: パスワードを更新する
+        current_password: 現在のパスワード
+        new_password: 新しいパスワード
+        new_password_confirmation: 新しいパスワードを確認
+        change_my_password: パスワードを変更する
     failure:
       session_limited: '他のブラウザでログインされました。このブラウザで続ける場合は、もう一度サインインしてください。'
       expired: '活動がなかったため、あなたのアカウントは期限切れとなりました。サイト管理者に連絡してください。'

data/config/locales/nl.yml

@@ -23,6 +23,7 @@ nl:
     paranoid_verify:
       code_required: Voer de aangeleverde code in
     paranoid_verification_code:
+      updated: Verificatiecode geaccepteerd
       show:
         submit_verification_code: Verstuur verificatie code
         verification_code: Verificatie code

data/config/locales/pt.yml

@@ -23,6 +23,7 @@ pt:
     paranoid_verify:
       code_required: 'Por favor entre o código que a equipe de suporte enviou'
     paranoid_verification_code:
+      updated: Código de verificação aceito
       show:
         submit_verification_code: Enviar código de verificação
         verification_code: Código de verificação

data/config/locales/ru.yml

@@ -31,6 +31,7 @@ ru:
     paranoid_verify:
       code_required: 'Пожалуйста введите код, полученный от нашей команды поддержки'
     paranoid_verification_code:
+      updated: Код подтверждения принят
       show:
         submit_verification_code: Ввод кода подтверждения
         verification_code: Код подверждения

data/config/locales/tr.yml

@@ -4,15 +4,39 @@ tr:
       taken_in_past: "daha önce kullanıldı."
       equal_to_current_password: "mevcut paroladan farklı olmalı."
       equal_to_email: "e-postadan farklı olmalı."
-      password_format: "büyük, küçük harfler ve sayılar içermeli."
+      password_complexity:
+        digit:
+          one: en az bir rakam içermelidir
+          other: en az %{count} basamak içermelidir
+        lower:
+          one: en az bir küçük harf içermelidir
+          other: en az %{count} küçük harf içermelidir
+        symbol:
+          one: en az bir noktalama işareti veya sembolü içermelidir
+          other: en az %{count} noktalama işareti veya sembolü içermelidir
+        upper:
+          one: en az bir büyük harf içermelidir
+          other: en az %{count} büyük harf içermelidir
   devise:
     invalid_captcha: "Captcha hatalı."
     invalid_security_question: "Güvenlik sorusunun cevabı yanlış."
     paranoid_verify:
       code_required: "Destek ekibimizden aldığınız kodu girin."
+    paranoid_verification_code:
+      updated: Doğrulama kodu kabul edildi
+      show:
+        submit_verification_code: Doğrulama kodunu gönder
+        verification_code: Doğrulama kodu
+        submit: Gönder
     password_expired:
       updated: "Yeni parolanız kaydedildi."
       change_required: "Parolanızın geçerlilik süresi dolmuş. Lütfen parolanızı yenileyin."
+      show:
+        renew_your_password: Şifrenizi yenileyin
+        current_password: Mevcut Şifre
+        new_password: Yeni Şifre
+        new_password_confirmation: Yeni şifreyi onayla
+        change_my_password: Şifremi Değiştir
     failure:
       session_limited: 'Hesabınıza başka bir tarayıcıdan giriş yapılmış. Lütfen devam etmek için yeniden giriş yapın.'
       expired: 'Hesabınız aktif olarak kullanılmadığı için artık geçerli değil. Lütfen yönetici ile irtibata geçin.'

data/config/locales/uk.yml

@@ -31,6 +31,7 @@ uk:
     paranoid_verify:
       code_required: 'Введіть, будь ласка, код від нашої команди підтримки'
     paranoid_verification_code:
+      updated: Код підтвердження прийнято
       show:
         submit_verification_code: Відправити код підтвердження
         verification_code: Код підтвердження

data/config/locales/zh_CN.yml

@@ -23,6 +23,7 @@ zh_CN:
     paranoid_verify:
       code_required: '请输入我们支持团队提供的代码'
     paranoid_verification_code:
+      updated: 接受验证码
       show:
         submit_verification_code: 提交验证码
         verification_code: 验证码

data/config/locales/zh_TW.yml

@@ -23,6 +23,7 @@ zh_TW:
     paranoid_verify:
       code_required: '請輸入由我們客服團隊提供的代碼'
     paranoid_verification_code:
+      updated: 接受驗證碼
       show:
         submit_verification_code: 送出驗證碼
         verification_code: 驗證碼

data/lib/devise-security/controllers/helpers.rb

@@ -29,8 +29,8 @@ module DeviseSecurity
       end
 
       def valid_captcha_if_defined?(captcha)
-        defined?(verify_recaptcha) && verify_recaptcha ||
-          defined?(valid_captcha?) && valid_captcha?(captcha)
+        (defined?(verify_recaptcha) && verify_recaptcha) ||
+          (defined?(valid_captcha?) && valid_captcha?(captcha))
       end
 
       def valid_security_question_answer?(resource, answer)
@@ -75,12 +75,18 @@ module DeviseSecurity
       def handle_paranoid_verification
         return if warden.nil?
 
-        if !devise_controller? && !request.format.nil? && request.format.html?
+        if !devise_controller? &&
+           !ignore_paranoid_verification_code? &&
+           !request.format.nil? &&
+           request.format.html?
           Devise.mappings.keys.flatten.any? do |scope|
-            if signed_in?(scope) && warden.session(scope)['paranoid_verify']
-              store_location_for(scope, request.original_fullpath) if request.get?
-              redirect_for_paranoid_verification scope
-              return
+            if signed_in?(scope) && warden.session(scope)['paranoid_verify'] == true
+              if send(:"current_#{scope}").try(:need_paranoid_verification?)
+                store_location_for(scope, request.original_fullpath) if request.get?
+                redirect_for_paranoid_verification(scope)
+              else
+                warden.session(scope)['paranoid_verify'] = false
+              end
             end
           end
         end
@@ -98,14 +104,16 @@ module DeviseSecurity
       # path for change password
       def change_password_required_path_for(resource_or_scope = nil)
         scope       = Devise::Mapping.find_scope!(resource_or_scope)
-        change_path = "#{scope}_password_expired_path"
-        send(change_path)
+        router_name = Devise.mappings[scope].router_name
+        context     = router_name ? send(router_name) : _devise_route_context
+        context.send("#{scope}_password_expired_path")
       end
 
       def paranoid_verification_code_path_for(resource_or_scope = nil)
         scope       = Devise::Mapping.find_scope!(resource_or_scope)
-        change_path = "#{scope}_paranoid_verification_code_path"
-        send(change_path)
+        router_name = Devise.mappings[scope].router_name
+        context     = router_name ? send(router_name) : _devise_route_context
+        context.send("#{scope}_paranoid_verification_code_path")
       end
 
       protected
@@ -114,6 +122,10 @@ module DeviseSecurity
       def ignore_password_expire?
         false
       end
+
+      def ignore_paranoid_verification_code?
+        false
+      end
     end
   end
 end

data/lib/devise-security/hooks/expirable.rb

@@ -1,11 +1,11 @@
 # frozen_string_literal: true
 
-# Updates the last_activity_at fields from the record. Only when the user is active 
+# Updates the last_activity_at fields from the record. Only when the user is active
 # for authentication and authenticated.
-# An expiry of the account is only checked on sign in OR on manually setting the 
+# An expiry of the account is only checked on sign in OR on manually setting the
 # expired_at to the past (see Devise::Models::Expirable for this)
 Warden::Manager.after_set_user do |record, warden, options|
-  if record && record.respond_to?(:active_for_authentication?) && record.active_for_authentication? && 
+  if record && record.respond_to?(:active_for_authentication?) && record.active_for_authentication? &&
       warden.authenticated?(options[:scope]) && record.respond_to?(:update_last_activity!)
     record.update_last_activity!
   end

data/lib/devise-security/hooks/paranoid_verification.rb

@@ -1,7 +1,5 @@
 # frozen_string_literal: true
 
 Warden::Manager.after_set_user do |record, warden, options|
-  if record.respond_to?(:need_paranoid_verification?)
-    warden.session(options[:scope])['paranoid_verify'] = record.need_paranoid_verification?
-  end
+  warden.session(options[:scope])['paranoid_verify'] = record.need_paranoid_verification? if record.respond_to?(:need_paranoid_verification?)
 end

data/lib/devise-security/hooks/password_expirable.rb

@@ -3,7 +3,5 @@
 # @note This happens after
 #   {DeviseSecurity::Controller::Helpers#handle_password_change}
 Warden::Manager.after_authentication do |record, warden, options|
-  if record.respond_to?(:need_change_password?)
-    warden.session(options[:scope])['password_expired'] = record.need_change_password?
-  end
+  warden.session(options[:scope])['password_expired'] = record.need_change_password? if record.respond_to?(:need_change_password?)
 end