devise-security 0.16.0 → 0.18.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/LICENSE.txt +3 -1
- data/README.md +18 -7
- data/app/controllers/devise/paranoid_verification_code_controller.rb +26 -12
- data/app/controllers/devise/password_expired_controller.rb +22 -5
- data/config/locales/bg.yml +42 -0
- data/config/locales/by.yml +1 -0
- data/config/locales/cs.yml +5 -0
- data/config/locales/de.yml +3 -0
- data/config/locales/en.yml +2 -1
- data/config/locales/es.yml +12 -0
- data/config/locales/fa.yml +1 -0
- data/config/locales/fr.yml +14 -2
- data/config/locales/hi.yml +1 -0
- data/config/locales/it.yml +1 -0
- data/config/locales/ja.yml +12 -0
- data/config/locales/nl.yml +1 -0
- data/config/locales/pt.yml +1 -0
- data/config/locales/ru.yml +1 -0
- data/config/locales/tr.yml +25 -1
- data/config/locales/uk.yml +1 -0
- data/config/locales/zh_CN.yml +1 -0
- data/config/locales/zh_TW.yml +1 -0
- data/lib/devise-security/controllers/helpers.rb +23 -11
- data/lib/devise-security/hooks/expirable.rb +3 -3
- data/lib/devise-security/hooks/paranoid_verification.rb +1 -3
- data/lib/devise-security/hooks/password_expirable.rb +1 -3
- data/lib/devise-security/hooks/session_limitable.rb +4 -4
- data/lib/devise-security/models/compatibility/active_record_patch.rb +4 -3
- data/lib/devise-security/models/compatibility/mongoid_patch.rb +3 -2
- data/lib/devise-security/models/database_authenticatable_patch.rb +18 -10
- data/lib/devise-security/models/expirable.rb +6 -5
- data/lib/devise-security/models/paranoid_verification.rb +2 -2
- data/lib/devise-security/models/password_archivable.rb +3 -3
- data/lib/devise-security/models/secure_validatable.rb +57 -20
- data/lib/devise-security/orm/mongoid.rb +1 -1
- data/lib/devise-security/patches.rb +14 -8
- data/lib/devise-security/routes.rb +2 -3
- data/lib/devise-security/validators/password_complexity_validator.rb +53 -26
- data/lib/devise-security/version.rb +1 -1
- data/lib/devise-security.rb +9 -3
- data/lib/generators/devise_security/install_generator.rb +3 -5
- data/lib/generators/templates/devise_security.rb +6 -1
- data/test/controllers/test_paranoid_verification_code_controller.rb +133 -0
- data/test/controllers/test_password_expired_controller.rb +87 -33
- data/test/controllers/test_security_question_controller.rb +25 -19
- data/test/dummy/app/controllers/overrides/paranoid_verification_code_controller.rb +7 -0
- data/test/dummy/app/controllers/overrides/password_expired_controller.rb +17 -0
- data/test/dummy/app/controllers/widgets_controller.rb +3 -0
- data/test/dummy/app/models/application_user_record.rb +2 -1
- data/test/dummy/app/models/mongoid/confirmable_fields.rb +2 -0
- data/test/dummy/app/models/mongoid/database_authenticable_fields.rb +4 -3
- data/test/dummy/app/models/mongoid/expirable_fields.rb +2 -0
- data/test/dummy/app/models/mongoid/lockable_fields.rb +2 -0
- data/test/dummy/app/models/mongoid/mappings.rb +4 -2
- data/test/dummy/app/models/mongoid/omniauthable_fields.rb +2 -0
- data/test/dummy/app/models/mongoid/paranoid_verification_fields.rb +2 -0
- data/test/dummy/app/models/mongoid/password_archivable_fields.rb +2 -0
- data/test/dummy/app/models/mongoid/password_expirable_fields.rb +2 -0
- data/test/dummy/app/models/mongoid/recoverable_fields.rb +2 -0
- data/test/dummy/app/models/mongoid/registerable_fields.rb +4 -2
- data/test/dummy/app/models/mongoid/rememberable_fields.rb +2 -0
- data/test/dummy/app/models/mongoid/secure_validatable_fields.rb +2 -0
- data/test/dummy/app/models/mongoid/security_questionable_fields.rb +2 -0
- data/test/dummy/app/models/mongoid/session_limitable_fields.rb +2 -0
- data/test/dummy/app/models/mongoid/timeoutable_fields.rb +2 -0
- data/test/dummy/app/models/mongoid/trackable_fields.rb +2 -0
- data/test/dummy/app/models/mongoid/validatable_fields.rb +2 -0
- data/test/dummy/app/models/paranoid_verification_user.rb +26 -0
- data/test/dummy/app/models/password_expired_user.rb +26 -0
- data/test/dummy/app/models/user.rb +5 -5
- data/test/dummy/app/models/widget.rb +1 -3
- data/test/dummy/app/mongoid/one_user.rb +5 -5
- data/test/dummy/app/mongoid/user_on_engine.rb +2 -2
- data/test/dummy/app/mongoid/user_on_main_app.rb +2 -2
- data/test/dummy/app/mongoid/user_with_validations.rb +3 -3
- data/test/dummy/app/mongoid/user_without_email.rb +7 -4
- data/test/dummy/config/application.rb +3 -7
- data/test/dummy/config/boot.rb +1 -1
- data/test/dummy/config/environment.rb +1 -1
- data/test/dummy/config/environments/test.rb +1 -0
- data/test/dummy/config/initializers/devise.rb +1 -5
- data/test/dummy/config/locales/en.yml +10 -0
- data/test/dummy/config/routes.rb +3 -1
- data/test/dummy/config.ru +1 -1
- data/test/dummy/db/migrate/20120508165529_create_tables.rb +5 -5
- data/test/dummy/lib/shared_expirable_columns.rb +1 -0
- data/test/dummy/lib/shared_security_questions_fields.rb +1 -0
- data/test/dummy/lib/shared_user.rb +17 -6
- data/test/dummy/lib/shared_user_without_omniauth.rb +12 -3
- data/test/dummy/lib/shared_verification_fields.rb +1 -0
- data/test/dummy/log/test.log +39637 -16086
- data/test/i18n_test.rb +22 -0
- data/test/integration/test_paranoid_verification_code_workflow.rb +53 -0
- data/test/integration/test_password_expirable_workflow.rb +2 -2
- data/test/integration/test_session_limitable_workflow.rb +5 -3
- data/test/orm/active_record.rb +7 -7
- data/test/support/integration_helpers.rb +18 -12
- data/test/test_compatibility.rb +2 -0
- data/test/test_complexity_validator.rb +247 -37
- data/test/test_database_authenticatable_patch.rb +146 -0
- data/test/test_helper.rb +7 -8
- data/test/test_install_generator.rb +1 -1
- data/test/test_paranoid_verification.rb +8 -9
- data/test/test_password_archivable.rb +34 -11
- data/test/test_password_expirable.rb +27 -27
- data/test/test_secure_validatable.rb +265 -107
- data/test/test_secure_validatable_overrides.rb +185 -0
- data/test/test_session_limitable.rb +9 -9
- data/test/tmp/config/initializers/{devise-security.rb → devise_security.rb} +6 -1
- data/test/tmp/config/locales/devise.security_extension.by.yml +1 -0
- data/test/tmp/config/locales/devise.security_extension.cs.yml +5 -0
- data/test/tmp/config/locales/devise.security_extension.de.yml +3 -0
- data/test/tmp/config/locales/devise.security_extension.en.yml +2 -1
- data/test/tmp/config/locales/devise.security_extension.es.yml +12 -0
- data/test/tmp/config/locales/devise.security_extension.fa.yml +1 -0
- data/test/tmp/config/locales/devise.security_extension.fr.yml +14 -2
- data/test/tmp/config/locales/devise.security_extension.hi.yml +21 -20
- data/test/tmp/config/locales/devise.security_extension.it.yml +1 -0
- data/test/tmp/config/locales/devise.security_extension.ja.yml +12 -0
- data/test/tmp/config/locales/devise.security_extension.nl.yml +1 -0
- data/test/tmp/config/locales/devise.security_extension.pt.yml +1 -0
- data/test/tmp/config/locales/devise.security_extension.ru.yml +1 -0
- data/test/tmp/config/locales/devise.security_extension.tr.yml +25 -1
- data/test/tmp/config/locales/devise.security_extension.uk.yml +1 -0
- data/test/tmp/config/locales/devise.security_extension.zh_CN.yml +1 -0
- data/test/tmp/config/locales/devise.security_extension.zh_TW.yml +1 -0
- metadata +82 -41
- data/lib/devise-security/patches/confirmations_controller_captcha.rb +0 -23
- data/lib/devise-security/patches/confirmations_controller_security_question.rb +0 -26
- data/lib/devise-security/patches/passwords_controller_captcha.rb +0 -22
- data/lib/devise-security/patches/passwords_controller_security_question.rb +0 -25
- data/lib/devise-security/patches/registrations_controller_captcha.rb +0 -35
- data/lib/devise-security/patches/sessions_controller_captcha.rb +0 -26
- data/lib/devise-security/patches/unlocks_controller_captcha.rb +0 -22
- data/lib/devise-security/patches/unlocks_controller_security_question.rb +0 -25
- data/test/dummy/app/controllers/foos_controller.rb +0 -0
- data/test/dummy/app/models/secure_user.rb +0 -9
- data/test/dummy/lib/shared_user_without_email.rb +0 -28
- data/test/dummy/log/development.log +0 -883
|
@@ -0,0 +1,133 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'test_helper'
|
|
4
|
+
|
|
5
|
+
class Devise::ParanoidVerificationCodeControllerTest < ActionController::TestCase
|
|
6
|
+
include Devise::Test::ControllerHelpers
|
|
7
|
+
|
|
8
|
+
setup do
|
|
9
|
+
@controller.class.respond_to :json, :xml
|
|
10
|
+
@request.env['devise.mapping'] = Devise.mappings[:user]
|
|
11
|
+
@user = User.create!(
|
|
12
|
+
username: 'hello',
|
|
13
|
+
email: 'hello@path.travel',
|
|
14
|
+
password: 'Password4',
|
|
15
|
+
confirmed_at: 5.months.ago,
|
|
16
|
+
paranoid_verification_code: 'cookies'
|
|
17
|
+
)
|
|
18
|
+
assert @user.valid?
|
|
19
|
+
assert @user.need_paranoid_verification?
|
|
20
|
+
|
|
21
|
+
sign_in(@user)
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
test 'redirects to root on show if user not logged in' do
|
|
25
|
+
sign_out(@user)
|
|
26
|
+
get :show
|
|
27
|
+
assert_redirected_to :root
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
test "redirects to root on show if user doesn't need paranoid verification" do
|
|
31
|
+
@user.update(paranoid_verification_code: nil)
|
|
32
|
+
get :show
|
|
33
|
+
assert_redirected_to :root
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
test 'renders show on show if user needs paranoid verification' do
|
|
37
|
+
@user.update(paranoid_verification_code: 'cookies')
|
|
38
|
+
get :show
|
|
39
|
+
assert_template :show
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
test 'redirects on update if user not logged in' do
|
|
43
|
+
sign_out(@user)
|
|
44
|
+
patch :update
|
|
45
|
+
assert_redirected_to :root
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
test 'redirects on update if user does not need paranoid verification' do
|
|
49
|
+
@user.update(paranoid_verification_code: nil)
|
|
50
|
+
patch :update
|
|
51
|
+
assert_redirected_to :root
|
|
52
|
+
end
|
|
53
|
+
|
|
54
|
+
test 'update paranoid_verification_code with default format' do
|
|
55
|
+
patch(
|
|
56
|
+
:update,
|
|
57
|
+
params: {
|
|
58
|
+
user: {
|
|
59
|
+
paranoid_verification_code: 'cookies'
|
|
60
|
+
}
|
|
61
|
+
}
|
|
62
|
+
)
|
|
63
|
+
assert_redirected_to root_path
|
|
64
|
+
assert_equal 'Verification code accepted', flash[:notice]
|
|
65
|
+
assert_equal('text/html', response.media_type)
|
|
66
|
+
end
|
|
67
|
+
|
|
68
|
+
test 'update paranoid_verification_code using JSON format' do
|
|
69
|
+
patch(
|
|
70
|
+
:update,
|
|
71
|
+
format: :json,
|
|
72
|
+
params: {
|
|
73
|
+
user: {
|
|
74
|
+
paranoid_verification_code: 'cookies'
|
|
75
|
+
}
|
|
76
|
+
}
|
|
77
|
+
)
|
|
78
|
+
|
|
79
|
+
assert_response 204
|
|
80
|
+
assert_equal root_url, response.location
|
|
81
|
+
assert_nil response.media_type, 'No Content-Type header should be set for No Content response'
|
|
82
|
+
end
|
|
83
|
+
|
|
84
|
+
test 'update paranoid_verification_code using XML format' do
|
|
85
|
+
patch(
|
|
86
|
+
:update,
|
|
87
|
+
format: :xml,
|
|
88
|
+
params: {
|
|
89
|
+
user: {
|
|
90
|
+
paranoid_verification_code: 'cookies'
|
|
91
|
+
}
|
|
92
|
+
}
|
|
93
|
+
)
|
|
94
|
+
assert_response 204
|
|
95
|
+
assert_equal root_url, response.location
|
|
96
|
+
assert_nil response.media_type, 'No Content-Type header should be set for No Content response'
|
|
97
|
+
end
|
|
98
|
+
end
|
|
99
|
+
|
|
100
|
+
class ParanoidVerificationCodeCustomRedirectTest < ActionController::TestCase
|
|
101
|
+
include Devise::Test::ControllerHelpers
|
|
102
|
+
tests Overrides::ParanoidVerificationCodeController
|
|
103
|
+
|
|
104
|
+
setup do
|
|
105
|
+
@controller.class.respond_to :json, :xml
|
|
106
|
+
@request.env['devise.mapping'] = Devise.mappings[:paranoid_verification_user]
|
|
107
|
+
@user = ParanoidVerificationUser.create!(
|
|
108
|
+
username: 'hello',
|
|
109
|
+
email: 'hello@path.travel',
|
|
110
|
+
password: 'Password4',
|
|
111
|
+
confirmed_at: 5.months.ago,
|
|
112
|
+
paranoid_verification_code: 'cookies'
|
|
113
|
+
)
|
|
114
|
+
assert @user.valid?
|
|
115
|
+
assert @user.need_paranoid_verification?
|
|
116
|
+
|
|
117
|
+
sign_in(@user)
|
|
118
|
+
end
|
|
119
|
+
|
|
120
|
+
test 'redirects to custom redirect route on update' do
|
|
121
|
+
patch(
|
|
122
|
+
:update,
|
|
123
|
+
params: {
|
|
124
|
+
paranoid_verification_user: {
|
|
125
|
+
paranoid_verification_code: 'cookies'
|
|
126
|
+
}
|
|
127
|
+
}
|
|
128
|
+
)
|
|
129
|
+
|
|
130
|
+
assert_redirected_to '/cats'
|
|
131
|
+
assert_equal 'Verification code accepted', flash[:notice]
|
|
132
|
+
end
|
|
133
|
+
end
|
|
@@ -13,7 +13,7 @@ class Devise::PasswordExpiredControllerTest < ActionController::TestCase
|
|
|
13
13
|
email: 'hello@path.travel',
|
|
14
14
|
password: 'Password4',
|
|
15
15
|
password_changed_at: 4.months.ago,
|
|
16
|
-
confirmed_at: 5.months.ago
|
|
16
|
+
confirmed_at: 5.months.ago
|
|
17
17
|
)
|
|
18
18
|
assert @user.valid?
|
|
19
19
|
assert @user.need_change_password?
|
|
@@ -51,60 +51,114 @@ class Devise::PasswordExpiredControllerTest < ActionController::TestCase
|
|
|
51
51
|
end
|
|
52
52
|
|
|
53
53
|
test 'update password with default format' do
|
|
54
|
-
put
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
54
|
+
put(
|
|
55
|
+
:update,
|
|
56
|
+
params: {
|
|
57
|
+
user: {
|
|
58
|
+
current_password: 'Password4',
|
|
59
|
+
password: 'Password5',
|
|
60
|
+
password_confirmation: 'Password5'
|
|
61
61
|
}
|
|
62
|
+
}
|
|
63
|
+
)
|
|
62
64
|
assert_redirected_to root_path
|
|
63
|
-
assert_equal
|
|
65
|
+
assert_equal('text/html', response.media_type)
|
|
64
66
|
end
|
|
65
67
|
|
|
66
68
|
test 'password confirmation does not match' do
|
|
67
|
-
put
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
69
|
+
put(
|
|
70
|
+
:update,
|
|
71
|
+
params: {
|
|
72
|
+
user: {
|
|
73
|
+
current_password: 'Password4',
|
|
74
|
+
password: 'Password5',
|
|
75
|
+
password_confirmation: 'Password6'
|
|
74
76
|
}
|
|
77
|
+
}
|
|
78
|
+
)
|
|
75
79
|
|
|
76
80
|
assert_response :success
|
|
77
81
|
assert_template :show
|
|
78
|
-
assert_equal
|
|
82
|
+
assert_equal('text/html', response.media_type)
|
|
83
|
+
assert_includes(
|
|
84
|
+
response.body,
|
|
85
|
+
'Password confirmation doesn't match Password'
|
|
86
|
+
)
|
|
79
87
|
end
|
|
80
88
|
|
|
81
89
|
test 'update password using JSON format' do
|
|
82
|
-
put
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
+
put(
|
|
91
|
+
:update,
|
|
92
|
+
format: :json,
|
|
93
|
+
params: {
|
|
94
|
+
user: {
|
|
95
|
+
current_password: 'Password4',
|
|
96
|
+
password: 'Password5',
|
|
97
|
+
password_confirmation: 'Password5'
|
|
90
98
|
}
|
|
99
|
+
}
|
|
100
|
+
)
|
|
101
|
+
|
|
91
102
|
assert_response 204
|
|
92
103
|
assert_equal root_url, response.location
|
|
93
104
|
assert_nil response.media_type, 'No Content-Type header should be set for No Content response'
|
|
94
105
|
end
|
|
95
106
|
|
|
96
107
|
test 'update password using XML format' do
|
|
97
|
-
put
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
108
|
+
put(
|
|
109
|
+
:update,
|
|
110
|
+
format: :xml,
|
|
111
|
+
params: {
|
|
112
|
+
user: {
|
|
113
|
+
current_password: 'Password4',
|
|
114
|
+
password: 'Password5',
|
|
115
|
+
password_confirmation: 'Password5'
|
|
105
116
|
}
|
|
117
|
+
}
|
|
118
|
+
)
|
|
106
119
|
assert_response 204
|
|
107
120
|
assert_equal root_url, response.location
|
|
108
121
|
assert_nil response.media_type, 'No Content-Type header should be set for No Content response'
|
|
109
122
|
end
|
|
110
123
|
end
|
|
124
|
+
|
|
125
|
+
class PasswordExpiredCustomRedirectTest < ActionController::TestCase
|
|
126
|
+
include Devise::Test::ControllerHelpers
|
|
127
|
+
tests Overrides::PasswordExpiredController
|
|
128
|
+
|
|
129
|
+
setup do
|
|
130
|
+
@controller.class.respond_to :json, :xml
|
|
131
|
+
@request.env['devise.mapping'] = Devise.mappings[:password_expired_user]
|
|
132
|
+
@user = PasswordExpiredUser.create!(
|
|
133
|
+
username: 'hello',
|
|
134
|
+
email: 'hello@path.travel',
|
|
135
|
+
password: 'Password4',
|
|
136
|
+
password_changed_at: 4.months.ago,
|
|
137
|
+
confirmed_at: 5.months.ago
|
|
138
|
+
)
|
|
139
|
+
assert @user.valid?
|
|
140
|
+
assert @user.need_change_password?
|
|
141
|
+
|
|
142
|
+
sign_in(@user)
|
|
143
|
+
end
|
|
144
|
+
|
|
145
|
+
test 'update password with custom redirect route' do
|
|
146
|
+
put(
|
|
147
|
+
:update,
|
|
148
|
+
params: {
|
|
149
|
+
password_expired_user: {
|
|
150
|
+
current_password: 'Password4',
|
|
151
|
+
password: 'Password5',
|
|
152
|
+
password_confirmation: 'Password5'
|
|
153
|
+
}
|
|
154
|
+
}
|
|
155
|
+
)
|
|
156
|
+
|
|
157
|
+
assert_redirected_to '/cookies'
|
|
158
|
+
end
|
|
159
|
+
|
|
160
|
+
test 'yield resource to block on update' do
|
|
161
|
+
put(:update, params: { password_expired_user: { current_password: '123' } })
|
|
162
|
+
assert @controller.update_block_called?, 'Update failed to yield resource to provided block'
|
|
163
|
+
end
|
|
164
|
+
end
|
|
@@ -7,29 +7,38 @@ class TestWithSecurityQuestion < ActionController::TestCase
|
|
|
7
7
|
tests SecurityQuestion::UnlocksController
|
|
8
8
|
|
|
9
9
|
setup do
|
|
10
|
-
@user = SecurityQuestionUser.create!(
|
|
11
|
-
|
|
10
|
+
@user = SecurityQuestionUser.create!(
|
|
11
|
+
username: 'hello', email: 'hello@microsoft.com', password: 'A1234567z!', security_question_answer: 'Right Answer'
|
|
12
|
+
)
|
|
12
13
|
@user.lock_access!
|
|
13
14
|
assert @user.locked_at.present?
|
|
14
15
|
@request.env['devise.mapping'] = Devise.mappings[:security_question_user]
|
|
15
16
|
end
|
|
16
17
|
|
|
17
18
|
test 'When security question is enabled, it is inserted correctly' do
|
|
18
|
-
post
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
19
|
+
post(
|
|
20
|
+
:create,
|
|
21
|
+
params: {
|
|
22
|
+
security_question_answer: 'wrong answer',
|
|
23
|
+
security_question_user: {
|
|
24
|
+
email: @user.email
|
|
25
|
+
}
|
|
26
|
+
}
|
|
27
|
+
)
|
|
23
28
|
assert_equal I18n.t('devise.invalid_security_question'), flash[:alert]
|
|
24
29
|
assert_redirected_to new_security_question_user_unlock_path
|
|
25
30
|
end
|
|
26
31
|
|
|
27
32
|
test 'When security_question is valid, it runs as normal' do
|
|
28
|
-
post
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
+
post(
|
|
34
|
+
:create,
|
|
35
|
+
params: {
|
|
36
|
+
security_question_answer: @user.security_question_answer,
|
|
37
|
+
security_question_user: {
|
|
38
|
+
email: @user.email
|
|
39
|
+
}
|
|
40
|
+
}
|
|
41
|
+
)
|
|
33
42
|
|
|
34
43
|
assert_equal I18n.t('devise.unlocks.send_instructions'), flash[:notice]
|
|
35
44
|
assert_redirected_to new_security_question_user_session_path
|
|
@@ -41,18 +50,15 @@ class TestWithoutSecurityQuestion < ActionController::TestCase
|
|
|
41
50
|
tests Devise::UnlocksController
|
|
42
51
|
|
|
43
52
|
setup do
|
|
44
|
-
@user = User.create(
|
|
45
|
-
|
|
53
|
+
@user = User.create(
|
|
54
|
+
username: 'hello', email: 'hello@path.travel', password: '1234', security_question_answer: 'Right Answer'
|
|
55
|
+
)
|
|
46
56
|
@user.lock_access!
|
|
47
57
|
@request.env['devise.mapping'] = Devise.mappings[:user]
|
|
48
58
|
end
|
|
49
59
|
|
|
50
60
|
test 'When security question is not enabled it is not inserted' do
|
|
51
|
-
post :create, params: {
|
|
52
|
-
user: {
|
|
53
|
-
email: @user.email,
|
|
54
|
-
},
|
|
55
|
-
}
|
|
61
|
+
post :create, params: { user: { email: @user.email } }
|
|
56
62
|
|
|
57
63
|
assert_equal I18n.t('devise.unlocks.send_instructions'), flash[:notice]
|
|
58
64
|
assert_redirected_to new_user_session_path
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
class Overrides::PasswordExpiredController < Devise::PasswordExpiredController
|
|
4
|
+
def update
|
|
5
|
+
super do |resource|
|
|
6
|
+
@update_block_called = true
|
|
7
|
+
end
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
def after_password_expired_update_path_for(_)
|
|
11
|
+
'/cookies'
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
def update_block_called?
|
|
15
|
+
@update_block_called == true
|
|
16
|
+
end
|
|
17
|
+
end
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
module DatabaseAuthenticatableFields
|
|
2
4
|
extend ::ActiveSupport::Concern
|
|
3
5
|
|
|
@@ -6,10 +8,9 @@ module DatabaseAuthenticatableFields
|
|
|
6
8
|
|
|
7
9
|
## Database authenticatable
|
|
8
10
|
field :username, type: String
|
|
9
|
-
field :email, type: String, default:
|
|
10
|
-
#validates_presence_of :email
|
|
11
|
+
field :email, type: String, default: ''
|
|
11
12
|
|
|
12
|
-
field :encrypted_password, type: String, default:
|
|
13
|
+
field :encrypted_password, type: String, default: ''
|
|
13
14
|
validates_presence_of :encrypted_password
|
|
14
15
|
|
|
15
16
|
include Mongoid::Timestamps
|
|
@@ -1,11 +1,13 @@
|
|
|
1
|
-
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
Dir[File.expand_path('*_fields.rb', __dir__)].each { |f| require_relative f }
|
|
2
4
|
|
|
3
5
|
module Mongoid
|
|
4
6
|
module Mappings
|
|
5
7
|
extend ::ActiveSupport::Concern
|
|
6
8
|
|
|
7
9
|
included do
|
|
8
|
-
|
|
10
|
+
devise_modules.each do |devise_module_name|
|
|
9
11
|
include "#{devise_module_name.to_s.classify}Fields".constantize
|
|
10
12
|
end
|
|
11
13
|
end
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
module RegisterableFields
|
|
2
4
|
extend ::ActiveSupport::Concern
|
|
3
5
|
|
|
@@ -5,10 +7,10 @@ module RegisterableFields
|
|
|
5
7
|
include Mongoid::Document
|
|
6
8
|
|
|
7
9
|
## Database authenticatable
|
|
8
|
-
field :email, type: String, default:
|
|
10
|
+
field :email, type: String, default: ''
|
|
9
11
|
validates_presence_of :email
|
|
10
12
|
|
|
11
|
-
field :encrypted_password, type: String, default:
|
|
13
|
+
field :encrypted_password, type: String, default: ''
|
|
12
14
|
validates_presence_of :encrypted_password
|
|
13
15
|
|
|
14
16
|
field :password_changed_at, type: Time
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
class ParanoidVerificationUser < ApplicationUserRecord
|
|
4
|
+
devise :database_authenticatable,
|
|
5
|
+
:confirmable,
|
|
6
|
+
:expirable,
|
|
7
|
+
:lockable,
|
|
8
|
+
:omniauthable,
|
|
9
|
+
:paranoid_verification,
|
|
10
|
+
:password_archivable,
|
|
11
|
+
:password_expirable,
|
|
12
|
+
:recoverable,
|
|
13
|
+
:registerable,
|
|
14
|
+
:rememberable,
|
|
15
|
+
:secure_validatable,
|
|
16
|
+
:security_questionable,
|
|
17
|
+
:session_limitable,
|
|
18
|
+
:timeoutable,
|
|
19
|
+
:trackable,
|
|
20
|
+
:validatable
|
|
21
|
+
|
|
22
|
+
if DEVISE_ORM == :mongoid
|
|
23
|
+
require './test/dummy/app/models/mongoid/mappings'
|
|
24
|
+
include ::Mongoid::Mappings
|
|
25
|
+
end
|
|
26
|
+
end
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
class PasswordExpiredUser < ApplicationUserRecord
|
|
4
|
+
devise :database_authenticatable,
|
|
5
|
+
:confirmable,
|
|
6
|
+
:expirable,
|
|
7
|
+
:lockable,
|
|
8
|
+
:omniauthable,
|
|
9
|
+
:paranoid_verification,
|
|
10
|
+
:password_archivable,
|
|
11
|
+
:password_expirable,
|
|
12
|
+
:recoverable,
|
|
13
|
+
:registerable,
|
|
14
|
+
:rememberable,
|
|
15
|
+
:secure_validatable,
|
|
16
|
+
:security_questionable,
|
|
17
|
+
:session_limitable,
|
|
18
|
+
:timeoutable,
|
|
19
|
+
:trackable,
|
|
20
|
+
:validatable
|
|
21
|
+
|
|
22
|
+
if DEVISE_ORM == :mongoid
|
|
23
|
+
require './test/dummy/app/models/mongoid/mappings'
|
|
24
|
+
include ::Mongoid::Mappings
|
|
25
|
+
end
|
|
26
|
+
end
|
|
@@ -1,7 +1,6 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
3
|
class User < ApplicationRecord
|
|
4
|
-
|
|
5
4
|
devise :database_authenticatable,
|
|
6
5
|
:confirmable,
|
|
7
6
|
:expirable,
|
|
@@ -22,16 +21,17 @@ class User < ApplicationRecord
|
|
|
22
21
|
|
|
23
22
|
has_many :widgets
|
|
24
23
|
|
|
25
|
-
|
|
24
|
+
case DEVISE_ORM
|
|
25
|
+
when :mongoid
|
|
26
26
|
require './test/dummy/app/models/mongoid/mappings'
|
|
27
27
|
include ::Mongoid::Mappings
|
|
28
|
-
|
|
28
|
+
|
|
29
29
|
def some_method_calling_mongoid
|
|
30
30
|
Mongoid.logger
|
|
31
31
|
end
|
|
32
|
-
|
|
32
|
+
when :active_record
|
|
33
33
|
def some_method_calling_active_record
|
|
34
|
-
ActiveRecord::Base.transaction {}
|
|
34
|
+
ActiveRecord::Base.transaction { break; }
|
|
35
35
|
end
|
|
36
36
|
end
|
|
37
37
|
end
|