devise-security 0.11.1 → 0.12.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 34e1123d37456a09b6554cde544c4e49c796447f
-  data.tar.gz: d3cc451de684f054e4404e9ce3d8a7a47ccc9b46
+SHA256:
+  metadata.gz: 4ccd3b9a01ec2f531013bbed8d14cbf3131f2630d2c2d1a56d119268f1aa696c
+  data.tar.gz: f9305b860b267fd4f49dc724864d1d822c1e4d0f952be56f78d02d1c6b1a1b3c
 SHA512:
-  metadata.gz: 8f5c352c7234af43ab916d1b741799460289e96c843f9d90696f7bd8c2cc7b709009fbaf35ff61e99886c646941e2c186db43988f3ed64915ea7e80e491738a9
-  data.tar.gz: bcfff1037167e404e0998a225115713443675adfff7c3c13fa77a75611106286c1b33654ee3ec69280db693cbc4d234fa9b209377a8d1b38bd0441888ab98df3
+  metadata.gz: f176d4afaee6b712cc7fa83c234cca6f286729f8a03660c33d10cf5cd363f49f70e56440f3e9e960f275ef4f7b2a846f60984af73e46e55f73266b431314cee1
+  data.tar.gz: 00e810e6e1c6c1845cc67d534206378c111499f09bb849a8d4129b20bc4c52a89b9261cfaf07ec7bb243995cc016f50f26c99eba29a9c1c148b3d9ec8b6632c5

data/.circleci/config.yml

@@ -0,0 +1,41 @@
+# Ruby CircleCI 2.0 configuration file
+#
+# Check https://circleci.com/docs/2.0/language-ruby/ for more details
+#
+version: 2
+jobs:
+  build:
+    docker:
+      # specify the version you desire here
+       - image: circleci/ruby:2.4.1-node-browsers
+
+      # Specify service dependencies here if necessary
+      # CircleCI maintains a library of pre-built images
+      # documented at https://circleci.com/docs/2.0/circleci-images/
+      # - image: circleci/postgres:9.4
+
+    working_directory: ~/repo
+
+    steps:
+      - checkout
+
+      # Download and cache dependencies
+      - restore_cache:
+          keys:
+          # fallback to using the latest cache if no exact match is found
+          - v1-dependencies-
+
+      - run:
+          name: install dependencies
+          command: |
+            bundle install --jobs=4 --retry=3 --path vendor/bundle
+
+      - save_cache:
+          paths:
+            - ./vendor/bundle
+          key: v1-dependencies-{{ checksum "Gemfile.lock" }}
+
+      # run tests!
+      - run:
+          name: run tests
+          command: bundle exec rake

data/.gitignore

@@ -37,3 +37,4 @@ log
 test/tmp/*
 *.gem
 Gemfile.lock
+*.lock

data/.rubocop.yml

@@ -1,5 +1,5 @@
 AllCops:
-  TargetRubyVersion: 2.2
+  TargetRubyVersion: 2.3
   Include:
     - '**/Rakefile'
     - '**/config.ru'
@@ -20,9 +20,29 @@ Rails:
 Metrics/MethodLength:
   Enabled: false
 
+Metrics/LineLength:
+  Max: 100
+
+Naming/FileName:
+  Exclude: ["devise-security.gemspec"]
+
+Style/ClassAndModuleChildren:
+  EnforcedStyle: compact
+  SupportedStyles:
+    - nested
+    - compact
+
+Style/HashSyntax:
+  EnforcedStyle: ruby19
+
+Style/SymbolArray:
+  EnforcedStyle: brackets
+
 # Trailing commas make for clearer diffs because the last line won't appear
 # to have been changed, as it would if it lacked a comma and had one added.
-Style/TrailingCommaInLiteral:
+Style/TrailingCommaInArrayLiteral:
+  EnforcedStyleForMultiline: comma
+Style/TrailingCommaInHashLiteral:
   EnforcedStyleForMultiline: comma
 Style/TrailingCommaInArguments:
   EnforcedStyleForMultiline: comma

data/.ruby-version

@@ -1 +1 @@
-2.2.8
+2.2.9

data/.travis.yml

@@ -4,10 +4,22 @@ install: bundle install --jobs=3 --retry=3
 before_script: bundle install
 script: bundle exec rake
 rvm:
-  - 2.2.8
-  - 2.3.5
-  - 2.4.2
+  - 2.2.9
+  - 2.3.6
+  - 2.4.3
+  - 2.5.0
   - ruby-head
 matrix:
   allow_failures:
     - rvm: ruby-head
+    - gemfile: gemfiles/rails_5.2_rc1.gemfile
+    - rvm: 2.4.3
+      gemfile: gemfiles/rails_4.1_stable.gemfile
+    - rvm: 2.5.0
+      gemfile: gemfiles/rails_4.1_stable.gemfile
+gemfile:
+  - gemfiles/rails_4.1_stable.gemfile
+  - gemfiles/rails_4.2_stable.gemfile
+  - gemfiles/rails_5.0_stable.gemfile
+  - gemfiles/rails_5.1_stable.gemfile
+  - gemfiles/rails_5.2_rc1.gemfile

data/Appraisals

@@ -0,0 +1,19 @@
+appraise 'rails-4.1-stable' do
+  gem 'rails', '~> 4.1.0'
+end
+
+appraise 'rails-4.2-stable' do
+  gem 'rails', '~> 4.2.0'
+end
+
+appraise 'rails-5.0-stable' do
+  gem 'rails', '~> 5.0.0'
+end
+
+appraise 'rails-5.1-stable' do
+  gem 'rails', '~> 5.1.0'
+end
+
+appraise 'rails-5.2-rc1' do
+  gem 'rails', '~> 5.2.0.rc1'
+end

data/Gemfile

@@ -1,2 +1,3 @@
 source "https://rubygems.org"
 gemspec
+gem 'omniauth'

data/README.md

@@ -1,12 +1,14 @@
 # Devise Security
 
 [![Build Status](https://travis-ci.org/devise-security/devise-security.svg?branch=master)](https://travis-ci.org/devise-security/devise-security)
+[![Coverage Status](https://coveralls.io/repos/github/devise-security/devise-security/badge.svg?branch=master)](https://coveralls.io/github/devise-security/devise-security?branch=master)
+[![Maintainability](https://api.codeclimate.com/v1/badges/ace7cd003a0db8bffa5a/maintainability)](https://codeclimate.com/github/devise-security/devise-security/maintainability)
 
 A [Devise](https://github.com/plataformatec/devise) extension to add additional security features required by modern web applications. Forked from [Devise Security Extension](https://github.com/phatworx/devise_security_extension)
 
 It is composed of 7 additional Devise modules:
 
-* `:password_expirable` - passwords will expire after a configured time (and will need an update). You will most likely want to use `:password_expirable` together with the `:password_archivable` module to [prevent the current expired password being reused](https://github.com/phatworx/devise-security/issues/175) immediately as the new password.
+* `:password_expirable` - passwords will expire after a configured time (and will need an update). You will most likely want to use `:password_expirable` together with the `:password_archivable` module to [prevent the current expired password being reused](https://github.com/phatworx/devise_security_extension/issues/175) immediately as the new password.
 * `:secure_validatable` - better way to validate a model (email, stronger password validation). Don't use with Devise `:validatable` module!
 * `:password_archivable` - save used passwords in an `old_passwords` table for history checks (don't be able to use a formerly used password)
 * `:session_limitable` - ensures, that there is only one session usable per account at once
@@ -22,7 +24,7 @@ Configuration and database schema for each module below.
 
 ## Getting started
 
-Devise Security works with Devise on Rails 3.2 onwards. You can add it to your Gemfile after you successfully set up Devise (see [Devise documentation](https://github.com/plataformatec/devise)) with:
+Devise Security works with Devise on Rails 4.1 onwards. You can add it to your Gemfile after you successfully set up Devise (see [Devise documentation](https://github.com/plataformatec/devise)) with:
 
 ```ruby
 gem 'devise-security'
@@ -120,6 +122,8 @@ rails generate easy_captcha:install
 
 ## Schema
 
+Note: Unlike Devise, devise-security does not currently support mongoid.  Pull requests are welcome!
+
 ### Password expirable
 ```ruby
 create_table :the_resources do |t|
@@ -133,12 +137,13 @@ add_index :the_resources, :password_changed_at
 ### Password archivable
 ```ruby
 create_table :old_passwords do |t|
-  t.string :encrypted_password, :null => false
-  t.string :password_archivable_type, :null => false
-  t.integer :password_archivable_id, :null => false
+  t.string :encrypted_password, null: false
+  t.string :password_archivable_type, null: false
+  t.integer :password_archivable_id, null: false
+  t.string :password_salt # Optional. bcrypt stores the salt in the encrypted password field so this column may not be necessary.
   t.datetime :created_at
 end
-add_index :old_passwords, [:password_archivable_type, :password_archivable_id], :name => :index_password_archivable
+add_index :old_passwords, [:password_archivable_type, :password_archivable_id], name: :index_password_archivable
 ```
 
 ### Session limitable
@@ -146,7 +151,7 @@ add_index :old_passwords, [:password_archivable_type, :password_archivable_id],
 create_table :the_resources do |t|
   # other devise fields
 
-  t.string :unique_session_id, :limit => 20
+  t.string :unique_session_id, limit: 20
 end
 ```
 
@@ -189,8 +194,8 @@ end
 
 ```ruby
 create_table :security_questions do |t|
-  t.string :locale, :null => false
-  t.string :name, :null => false
+  t.string :locale, null: false
+  t.string :name, null: false
 end
 
 SecurityQuestion.create! locale: :de, name: 'Wie lautet der Geburstname Ihrer Mutter?'
@@ -222,7 +227,7 @@ end
 ## Requirements
 
 * Devise (https://github.com/plataformatec/devise)
-* Rails 3.2 onwards (http://github.com/rails/rails)
+* Rails 4.1 onwards (http://github.com/rails/rails)
 * recommendations:
   * `autocomplete-off` (http://github.com/phatworx/autocomplete-off)
   * `easy_captcha` (http://github.com/phatworx/easy_captcha)

data/Rakefile

@@ -1,4 +1,6 @@
-$:.unshift File.join(File.dirname(__FILE__), 'lib')
+# frozen_string_literal: true
+
+$LOAD_PATH.unshift File.join(File.dirname(__FILE__), 'lib')
 require 'rubygems'
 require 'bundler'
 require 'rake/testtask'

data/app/controllers/devise/paranoid_verification_code_controller.rb

@@ -1,6 +1,6 @@
 class Devise::ParanoidVerificationCodeController < DeviseController
   skip_before_action :handle_paranoid_verification
-  prepend_before_action :authenticate_scope!, :only => [:show, :update]
+  prepend_before_action :authenticate_scope!, only: [:show, :update]
 
   def show
     if !resource.nil? && resource.need_paranoid_verification?

data/app/controllers/devise/password_expired_controller.rb

@@ -1,7 +1,7 @@
 class Devise::PasswordExpiredController < DeviseController
   skip_before_action :handle_password_change
   before_action :skip_password_change, only: [:show, :update]
-  prepend_before_action :authenticate_scope!, :only => [:show, :update]
+  prepend_before_action :authenticate_scope!, only: [:show, :update]
 
   def show
     respond_with(resource)

data/app/views/devise/paranoid_verification_code/show.html.erb

@@ -1,10 +1,10 @@
 <h2>Submit verification code</h2>
 
-<%= form_for(resource, :as => resource_name, :url => [resource_name, :paranoid_verification_code], :html => { :method => :put }) do |f| %>
+<%= form_for(resource, as: resource_name, url: [resource_name, :paranoid_verification_code], html: { method: :put }) do |f| %>
   <%= devise_error_messages! %>
 
   <p><%= f.label :paranoid_verification_code, 'Verification code' %><br />
   <%= f.text_field :paranoid_verification_code, value: '' %></p>
 
-  <p><%= f.submit "Submit" %></p>
+  <p><%= f.submit 'Submit' %></p>
 <% end %>

data/app/views/devise/password_expired/show.html.erb

@@ -1,16 +1,16 @@
 <h2>Renew your password</h2>
 
-<%= form_for(resource, :as => resource_name, :url => [resource_name, :password_expired], :html => { :method => :put }) do |f| %>
+<%= form_for(resource, as: resource_name, url: [resource_name, :password_expired], html: { method: :put }) do |f| %>
   <%= devise_error_messages! %>
 
-  <p><%= f.label :current_password, "Current password" %><br />
+  <p><%= f.label :current_password, 'Current password' %><br />
   <%= f.password_field :current_password %></p>
 
-  <p><%= f.label :password, "New password" %><br />
+  <p><%= f.label :password, 'New password' %><br />
   <%= f.password_field :password %></p>
 
-  <p><%= f.label :password_confirmation, "Confirm new password" %><br />
+  <p><%= f.label :password_confirmation, 'Confirm new password' %><br />
   <%= f.password_field :password_confirmation %></p>
 
-  <p><%= f.submit "Change my password" %></p>
+  <p><%= f.submit 'Change my password' %></p>
 <% end %>

data/config/locales/de.yml

@@ -1,16 +1,16 @@
 de:
   errors:
     messages:
-      taken_in_past: "wurde bereits in der Vergangenheit verwendet!"
-      equal_to_current_password: "darf nicht dem aktuellen Passwort entsprechen!"
-      password_format: "müssen große, kleine Buchstaben und Ziffern enthalten"
+      taken_in_past: 'wurde bereits in der Vergangenheit verwendet!'
+      equal_to_current_password: 'darf nicht dem aktuellen Passwort entsprechen!'
+      password_format: 'müssen große, kleine Buchstaben und Ziffern enthalten'
   devise:
-    invalid_captcha: "Die Captchaeingabe ist nicht gültig!"
+    invalid_captcha: 'Die Captchaeingabe ist nicht gültig!'
     paranoid_verify:
-      code_required: "Bitte geben Sie den Code unser Support-Team zur Verfügung gestellt"
+      code_required: 'Bitte geben Sie den Code unser Support-Team zur Verfügung gestellt'
     password_expired:
-      updated: "Das neue Passwort wurde übernommen."
-      change_required: "Ihr Passwort ist abgelaufen. Bitte vergeben sie ein neues Passwort!"
+      updated: 'Das neue Passwort wurde übernommen.'
+      change_required: 'Ihr Passwort ist abgelaufen. Bitte vergeben sie ein neues Passwort!'
     failure:
       session_limited: 'Ihre Anmeldedaten wurden in einem anderen Browser genutzt. Bitte melden Sie sich erneut an, um in diesem Browser fortzufahren.'
       expired: 'Ihr Account ist aufgrund zu langer Inaktiviät abgelaufen. Bitte kontaktieren Sie den Administrator.'

data/config/locales/en.yml

@@ -1,17 +1,17 @@
 en:
   errors:
     messages:
-      taken_in_past: "was used previously."
-      equal_to_current_password: "must be different than the current password."
-      password_format: "must contain big, small letters and digits"
+      taken_in_past: 'was used previously.'
+      equal_to_current_password: 'must be different than the current password.'
+      password_format: 'must contain big, small letters and digits'
   devise:
-    invalid_captcha: "The captcha input was invalid."
-    invalid_security_question: "The security question answer was invalid."
+    invalid_captcha: 'The captcha input was invalid.'
+    invalid_security_question: 'The security question answer was invalid.'
     paranoid_verify:
-      code_required: "Please enter the code our support team provided"
+      code_required: 'Please enter the code our support team provided'
     password_expired:
-      updated: "Your new password is saved."
-      change_required: "Your password is expired. Please renew your password."
+      updated: 'Your new password is saved.'
+      change_required: 'Your password is expired. Please renew your password.'
     failure:
       session_limited: 'Your login credentials were used in another browser. Please sign in again to continue in this browser.'
       expired: 'Your account has expired due to inactivity. Please contact the site administrator.'

data/config/locales/es.yml

@@ -1,17 +1,17 @@
 es:
   errors:
     messages:
-      taken_in_past: "la contraseña fue usada previamente, favor elegir otra."
-      equal_to_current_password: "tiene que ser diferente a la contraseña actual."
-      password_format: "tiene que contener mayúsculas, minúsculas y digitos "
+      taken_in_past: 'la contraseña fue usada previamente, favor elegir otra.'
+      equal_to_current_password: 'tiene que ser diferente a la contraseña actual.'
+      password_format: 'tiene que contener mayúsculas, minúsculas y digitos '
   devise:
-    invalid_captcha: "El captcha ingresado es inválido."
-    invalid_security_question: "La respuesta a la pregunta de suguridad fue incorrecta."
+    invalid_captcha: 'El captcha ingresado es inválido.'
+    invalid_security_question: 'La respuesta a la pregunta de suguridad fue incorrecta.'
     paranoid_verify:
-      code_required: "Por favor ingrese el código provisto por nuestro equipo de soporte"
+      code_required: 'Por favor ingrese el código provisto por nuestro equipo de soporte'
     password_expired:
-      updated: "Su nueva contraña ha sido guardada."
-      change_required: "Su contraña ha expirado. Por favor renueve su contraseña."
+      updated: 'Su nueva contraña ha sido guardada.'
+      change_required: 'Su contraña ha expirado. Por favor renueve su contraseña.'
     failure:
       session_limited: 'Sus credenciales de inicio de sesión fueron usadas en otro navegador. Por favor inicie sesión nuevamente para continuar en éste navegador.'
       expired: 'Su cuenta ha expirado debido a inactividad. Por favor contacte al administrador de la aplicación.'

data/devise-security.gemspec

@@ -1,5 +1,7 @@
 # -*- encoding: utf-8 -*-
-$LOAD_PATH.unshift(File.expand_path('../lib', __FILE__))
+# frozen_string_literal: true
+
+$LOAD_PATH.push File.expand_path('../lib', __FILE__)
 require 'devise-security/version'
 
 Gem::Specification.new do |s|
@@ -10,7 +12,7 @@ Gem::Specification.new do |s|
   s.summary     = 'Security extension for devise'
   s.email       = 'natebird@gmail.com'
   s.homepage    = 'https://github.com/devise-security/devise-security'
-  s.description = 'An enterprise security extension for devise, trying to meet industrial standard security demands for web applications.'
+  s.description = 'An enterprise security extension for devise.'
   s.authors     = [
     'Marco Scholl', 'Alexander Dreher', 'Nate Bird', 'Dillon Welch'
   ]
@@ -18,20 +20,24 @@ Gem::Specification.new do |s|
   s.files         = `git ls-files`.split("\n")
   s.test_files    = `git ls-files -- test/*`.split("\n")
   s.require_paths = ['lib']
-  s.required_ruby_version = '>= 2.2.2'
+  s.required_ruby_version = '>= 2.2.9'
 
   if RUBY_VERSION >= '2.4'
-    s.add_runtime_dependency 'rails', '>= 4.2.8', '< 6.0'
+    s.add_runtime_dependency 'rails', '>= 4.1.0', '< 6.0'
   else
-    s.add_runtime_dependency 'railties', '>= 3.2.6', '< 6.0'
+    s.add_runtime_dependency 'railties', '>= 4.1.0', '< 6.0'
   end
   s.add_runtime_dependency 'devise', '>= 4.2.0', '< 5.0'
 
+  s.add_development_dependency 'appraisal'
   s.add_development_dependency 'bundler', '>= 1.3.0', '< 2.0'
   s.add_development_dependency 'coveralls', '~> 0.8'
   s.add_development_dependency 'easy_captcha', '~> 0'
   s.add_development_dependency 'm'
-  s.add_development_dependency 'minitest', '~> 5.0'
+  s.add_development_dependency 'minitest', '5.10.3' # see https://github.com/seattlerb/minitest/issues/730
+  s.add_development_dependency 'pry-byebug'
+  s.add_development_dependency 'pry-rescue'
+  s.add_development_dependency 'pry'
   s.add_development_dependency 'rails_email_validator', '~> 0'
   s.add_development_dependency 'rubocop', '~> 0'
   s.add_development_dependency 'sqlite3', '~> 1.3', '>= 1.3.10'

data/gemfiles/rails_4.1_stable.gemfile

@@ -0,0 +1,8 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "omniauth"
+gem "rails", "~> 4.1.0"
+
+gemspec path: "../"

data/gemfiles/rails_4.2_stable.gemfile

@@ -0,0 +1,8 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "omniauth"
+gem "rails", "~> 4.2.0"
+
+gemspec path: "../"