devise-security 0.13.0 → 0.14.0.rc1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 85c4ba49803f532f05e0068cb2c2277385945e50af8afc92afd7fc2d11952872
-  data.tar.gz: 5267a9c636fe9dd641f1743e0d21d36a925c89878b91fb9c04e922a04719cd00
+  metadata.gz: 7c4792b4c6cfb7669e27f8a7e10e07120a775e6df6e49684a58d0739c037455f
+  data.tar.gz: 9680c97a0e97e21f8e3c7c731be1b75ca3b9d32d43992069204707f91a8bbc82
 SHA512:
-  metadata.gz: d0155aafc0542df604d7c5f9c4041cb61b845942e321b818af1d0295196ab964ba1ef180061d6c2b2268091d6a47289e97bc6762fe6af6f0c5c4a32e1e4a9769
-  data.tar.gz: 958fac64a85c9cd791146c832d8a586b0c2a14ae0e561a828bef4766a97002910d033d84854b206e28d7ebb2c13a7b6e416044ccdcefb16afdff541a059e1500
+  metadata.gz: 6c4a5e3d4770a85b291591fb97251b44643b2f7a777e91eccd188ef17695acc6de6cd42dd05ffb8a21b6b4ea08ae70e583df2c7533424e35bb77c132740cbaad
+  data.tar.gz: a865684ed344f4f543b29217a6cd2ce0e62ef523de6953f4a8e5f41631b69943d8a38df0a2ce6b7a2a13fc6119c15aecdf1d65e95ef838fdd7769c78bfe91353

data/.codeclimate.yml

@@ -43,7 +43,7 @@ checks:
 plugins:
  rubocop:
   enabled: true
-  channel: rubocop-0-58
+  channel: rubocop-0-59
  markdownlint:
   enabled: true
  brakeman:

data/.gitignore

@@ -40,3 +40,4 @@ Gemfile.lock
 *.lock
 bin/*
 .yardoc
+.idea

data/.ruby-version

@@ -1 +1 @@
-2.3.7
+2.3

data/.travis.yml

@@ -1,23 +1,41 @@
 language: ruby
-before_install: gem install bundler && bundle -v
-install: bundle install --jobs=3 --retry=3
-before_script: bundle install
+dist: xenial
+before_install:
+  # install bundler < 2 because Rails 4.2 is incompatible with bundler >= 2
+  - gem install bundler -v '1.17.3'
+install: bundle _1.17.3_ install --jobs=2 --retry=2 --path=${BUNDLE_PATH:-vendor/bundle}
+cache: bundler
 script: bundle exec rake
 rvm:
-  - 2.3.7
-  - 2.4.4
-  - 2.5.1
+  - 2.3
+  - 2.4
+  - 2.5
+  - 2.6
   - ruby-head
+env:
+  matrix:
+    - DEVISE_ORM=active_record
+    - DEVISE_ORM=mongoid
+services:
+  - mongodb
 matrix:
-  allow_failures:
-    - rvm: ruby-head
-    - gemfile: gemfiles/rails_5.2_rc1.gemfile
-    - rvm: 2.4.4
+  exclude:
+    # Skip these combinations because they have incompatible dependencies
+    # and will always fail.
+    - rvm: 2.6
       gemfile: gemfiles/rails_4.2_stable.gemfile
-    - rvm: 2.5.1
+    - rvm: ruby-head
       gemfile: gemfiles/rails_4.2_stable.gemfile
+    - rvm: 2.3
+      gemfile: gemfiles/rails_6.0_beta.gemfile
+    - rvm: 2.4
+      gemfile: gemfiles/rails_6.0_beta.gemfile
+  allow_failures:
+    - rvm: ruby-head
+    - gemfile: gemfiles/rails_6.0_beta.gemfile
 gemfile:
   - gemfiles/rails_4.2_stable.gemfile
   - gemfiles/rails_5.0_stable.gemfile
   - gemfiles/rails_5.1_stable.gemfile
-  - gemfiles/rails_5.2.0.gemfile
+  - gemfiles/rails_5.2_stable.gemfile
+  - gemfiles/rails_6.0_beta.gemfile

data/Appraisals

@@ -1,19 +1,35 @@
-appraise 'rails-4.1-stable' do
-  gem 'rails', '~> 4.1.0'
-end
-
 appraise 'rails-4.2-stable' do
   gem 'rails', '~> 4.2.0'
+  gem 'bundler', '< 2'
+  group :mongoid do
+    gem "mongoid", "~> 4.0"
+  end
 end
 
 appraise 'rails-5.0-stable' do
   gem 'rails', '~> 5.0.0'
+  group :mongoid do
+    gem "mongoid", "~> 6.0"
+  end
 end
 
 appraise 'rails-5.1-stable' do
   gem 'rails', '~> 5.1.0'
+  group :mongoid do
+    gem "mongoid", "~> 6.0"
+  end
 end
 
-appraise 'rails-5.2.0' do
+appraise 'rails-5.2-stable' do
   gem 'rails', '~> 5.2.0'
+  group :mongoid do
+    gem "mongoid", "~> 6.0"
+  end
+end
+
+appraise 'rails-6.0-beta' do
+  gem 'rails', '~> 6.0.0.beta1'
+  group :mongoid do
+    gem "mongoid", "~> 6.0"
+  end
 end

data/Gemfile

@@ -1,3 +1,10 @@
 source "https://rubygems.org"
 gemspec
-gem 'omniauth'
+
+group :active_record do
+  gem 'sqlite3', '~> 1.3.0'
+end
+
+group :mongoid do
+  gem 'mongoid'
+end

data/README.md

@@ -104,6 +104,37 @@ Devise.setup do |config|
 end
 ```
 
+## Other ORMs
+
+Devise-security supports [Mongoid](https://rubygems.org/gems/mongoid) as an alternative ORM to active_record.  To use this ORM, add this to your `Gemfile`.
+
+    gem 'mongoid'
+
+And then ensure that the environment variable `DEVISE_ORM=mongoid` is set.
+
+For local development you will need to have MongoDB installed locally.
+
+    brew install mongodb
+
+### Rails App setup example with Mongoid
+
+```ruby
+# inside config/application.rb
+require File.expand_path('../boot', __FILE__)
+#...
+DEVISE_ORM=:mongoid
+
+# Require the gems listed in Gemfile, including any gems
+# you've limited to :test, :development, or :production.
+Bundler.require(*Rails.groups)
+
+module MyApp
+  class Application < Rails::Application
+    #...
+  end
+end  
+```
+
 ## Captcha-Support
 
 The captcha support depends on [EasyCaptcha](https://github.com/phatworx/easy_captcha). See further documentation there.
@@ -132,8 +163,6 @@ rails generate easy_captcha:install
 
 ## Schema
 
-Note: Unlike Devise, devise-security does not currently support mongoid. Pull requests are welcome!
-
 ### Password expirable
 
 ```ruby
@@ -242,11 +271,13 @@ end
 
 ## Requirements
 
-- Devise (<https://github.com/plataformatec/devise>)
-- Rails 4.2 onwards (<http://github.com/rails/rails>)
-- recommendations:
-  - `autocomplete-off` (<http://github.com/phatworx/autocomplete-off>)
-  - `easy_captcha` (<http://github.com/phatworx/easy_captcha>)
+* Devise (<https://github.com/plataformatec/devise>)
+* Rails 4.2 onwards (<http://github.com/rails/rails>)
+* recommendations:
+    - `autocomplete-off` (<http://github.com/phatworx/autocomplete-off>)
+    - `easy_captcha` (<http://github.com/phatworx/easy_captcha>)
+    - `mongodb` (<https://www.mongodb.com/>)
+    - `rvm` (<https://rvm.io/>)
 
 ## Todo
 
@@ -282,6 +313,15 @@ See also [Github Releases](https://github.com/devise-security/devise-security/re
 - Make sure to add tests for it. This is important so I don't break it in a future version unintentionally.
 - Please try not to mess with the Rakefile, version, or history. If you want to have your own version, or is otherwise necessary, that is fine, but please isolate to its own commit so I can cherry-pick around it.
 
+## Running tests
+
+Standard tests can be invoked using `rake`.  To run the tests against the `mongoid` ORM, use `DEVISE_ORM=mongoid rake` while `mongodb` is running.
+
+To locally simulate what travis-ci will run when you push code use:
+
+    $ gem install bundler -v '1.17.3'
+    $ BUNDLER_VERSION=1.17.3 wwtd
+
 ## Copyright
 
 Copyright (c) 2011-2017 Marco Scholl. See LICENSE.txt for further details.

data/app/views/devise/paranoid_verification_code/show.html.erb

@@ -1,7 +1,7 @@
 <h2>Submit verification code</h2>
 
 <%= form_for(resource, as: resource_name, url: [resource_name, :paranoid_verification_code], html: { method: :put }) do |f| %>
-  <%= devise_error_messages! %>
+  <%= render partial: 'devise/shared/error_messages' %>
 
   <p><%= f.label :paranoid_verification_code, 'Verification code' %><br />
   <%= f.text_field :paranoid_verification_code, value: '' %></p>

data/app/views/devise/password_expired/show.html.erb

@@ -1,7 +1,7 @@
 <h2>Renew your password</h2>
 
 <%= form_for(resource, as: resource_name, url: [resource_name, :password_expired], html: { method: :put }) do |f| %>
-  <%= devise_error_messages! %>
+  <%= render partial: 'devise/shared/error_messages' %>
 
   <p><%= f.label :current_password, 'Current password' %><br />
   <%= f.password_field :current_password %></p>

data/config/locales/de.yml

@@ -1,28 +1,28 @@
 de:
   errors:
     messages:
-      taken_in_past: 'wurde bereits in der Vergangenheit verwendet!'
-      equal_to_current_password: 'darf nicht dem aktuellen Passwort entsprechen!'
+      taken_in_past: 'wurde bereits in der Vergangenheit verwendet.'
+      equal_to_current_password: 'darf nicht dem aktuellen Passwort entsprechen.'
       password_complexity:
         digit:
-          one: muss mindestens eine Nummer enthalten
-          other: muss mindestens %{count} Zahlen enthalten
+          one: muss mindestens eine Ziffer enthalten
+          other: muss mindestens %{count} Ziffern enthalten
         lower:
-          one: muss mindestens eine Kleinbuchstabe enthalten
+          one: muss mindestens einen Kleinbuchstaben enthalten
           other: muss mindestens %{count} Kleinbuchstaben enthalten
         symbol:
-          one: muss mindestens eine Satzzeichen enthalten
+          one: muss mindestens ein Satzzeichen enthalten
           other: muss mindestens %{count} Satzzeichen enthalten
         upper:
-          one: muss mindestens eine Großbuchstabe enthalten
+          one: muss mindestens einen Großbuchstaben enthalten
           other: muss mindestens %{count} Großbuchstaben enthalten
   devise:
-    invalid_captcha: 'Die Captchaeingabe ist nicht gültig!'
+    invalid_captcha: 'Die Captcha-Eingabe ist nicht gültig.'
     paranoid_verify:
-      code_required: 'Bitte geben Sie den Code unser Support-Team zur Verfügung gestellt'
+      code_required: 'Bitte geben Sie den Code ein, den unser Support-Team zur Verfügung gestellt hat.'
     password_expired:
       updated: 'Das neue Passwort wurde übernommen.'
-      change_required: 'Ihr Passwort ist abgelaufen. Bitte vergeben sie ein neues Passwort!'
+      change_required: 'Ihr Passwort ist abgelaufen. Bitte vergeben Sie ein neues Passwort.'
     failure:
       session_limited: 'Ihre Anmeldedaten wurden in einem anderen Browser genutzt. Bitte melden Sie sich erneut an, um in diesem Browser fortzufahren.'
-      expired: 'Ihr Account ist aufgrund zu langer Inaktiviät abgelaufen. Bitte kontaktieren Sie den Administrator.'
+      expired: 'Ihr Account ist aufgrund zu langer Inaktivität abgelaufen. Bitte kontaktieren Sie den Administrator.'

data/config/locales/fr.yml

@@ -1,29 +1,29 @@
 fr:
   errors:
     messages:
-      taken_in_past: a été utilisé trop récemment - s'il vous plaît, choisissez un autre
-      equal_to_current_password: doit être différent du l'actuel
+      taken_in_past: a été utilisé trop récemment. Veuillez en choisir un autre
+      equal_to_current_password: doit être différent de l'actuel
       password_complexity:
         digit:
-          one: doit containir en moins d'un chiffre
-          other: doit containir en moins de %{count} chiffres
+          one: doit contenir au moins un chiffre
+          other: doit contenir au moins %{count} chiffres
         lower:
-          one: doit containir en moins d'un miniscule
-          other: doit containir en moins de %{count} miniscules
+          one: doit contenir au moins une lettre miniscule
+          other: doit contenir au moins %{count} lettres miniscules
         symbol:
-          one: doit containir en moins d'un signe de ponctuation
-          other: doit containir en moins de %{count} signes de ponctuation
+          one: doit contenir au moins un signe de ponctuation
+          other: doit contenir au moins %{count} signes de ponctuation
         upper:
-          one: doit containir en moins d'un majuscule
-          other: doit containir en moins de %{count} majuscules
+          one: doit contenir au moins une lettre majuscule
+          other: doit contenir au moins %{count} lettres majuscules
   devise:
     invalid_captcha: Le captcha n'est pas valide
-    invalid_security_question: La réponse à la question de sécurité était invalide
+    invalid_security_question: La réponse à la question de sécurité est invalide
     paranoid_verify:
       code_required: Veuillez entrer le code fourni par notre équipe de support
     password_expired:
       updated: Votre nouveau mot de passe est enregistré
-      change_required: Votre mot de passe a expiré - s'il vous plaît, choisissez un autre
+      change_required: Votre mot de passe a expiré. Veuillez en choisir un autre
     failure:
       session_limited: Vos identifiants de connexion ont été utilisés dans un autre navigateur. Veuillez vous reconnecter pour continuer dans ce navigateur
-      expired: Votre compte a expiré en raison de l'inactivité. Veuillez contacter l'administrateur du site
+      expired: Votre compte a expiré pour cause d'inactivité. Veuillez contacter l'administrateur du site

data/config/locales/ja.yml

@@ -0,0 +1,29 @@
+ja:
+  errors:
+    messages:
+      taken_in_past: 'は既に使われています。'
+      equal_to_current_password: 'は現在のパスワードと異なるものである必要があります。'
+      password_complexity:
+        digit:
+          one: は最低1つの数字を含む必要があります。
+          other: は最低%{count}つの数字を含む必要があります。
+        lower:
+          one: は最低1つの小文字英字を含む必要があります。
+          other: は最低%{count}つの小文字英字を含む必要があります。
+        symbol:
+          one: は最低1つの記号を含む必要があります。
+          other: は最低%{count}つの記号を含む必要があります。
+        upper:
+          one: は最低1つの大文字英字を含む必要があります。
+          other: は最低%{count}つの大文字英字を含む必要があります。
+  devise:
+    invalid_captcha: 'キャプチャ入力が不正です。'
+    invalid_security_question: 'セキュリティ質問に対すつ回答が不正です。'
+    paranoid_verify:
+      code_required: 'サポートチームに提供された認証コードを入力してください。'
+    password_expired:
+      updated: '新しいパスワードが保存されました。'
+      change_required: 'パスワードが期限切れです。パスワードを新しく設定してください。'
+    failure:
+      session_limited: '他のブラウザでログインされました。このブラウザで続ける場合は、もう一度サインインしてください。'
+      expired: '活動がなかったため、あなたのアカウントは期限切れとなりました。サイト管理者に連絡してください。'

data/devise-security.gemspec

@@ -14,31 +14,37 @@ Gem::Specification.new do |s|
   s.homepage    = 'https://github.com/devise-security/devise-security'
   s.description = 'An enterprise security extension for devise.'
   s.authors     = [
-    'Marco Scholl', 'Alexander Dreher', 'Nate Bird', 'Dillon Welch'
+    'Marco Scholl',
+    'Alexander Dreher',
+    'Nate Bird',
+    'Dillon Welch',
+    'Kevin Olbrich'
   ]
 
   s.files         = `git ls-files`.split("\n")
   s.test_files    = `git ls-files -- test/*`.split("\n")
   s.require_paths = ['lib']
-  s.required_ruby_version = '>= 2.3.7'
+  s.required_ruby_version = '>= 2.3.0'
 
   if RUBY_VERSION >= '2.4'
-    s.add_runtime_dependency 'rails', '>= 4.2.0', '< 6.0'
+    s.add_runtime_dependency 'rails', '>= 4.2.0', '< 7.0'
   else
     s.add_runtime_dependency 'railties', '>= 4.2.0', '< 6.0'
   end
-  s.add_runtime_dependency 'devise', '>= 4.2.0', '< 5.0'
+  s.add_runtime_dependency 'devise', '>= 4.3.0', '< 5.0'
 
   s.add_development_dependency 'appraisal'
   s.add_development_dependency 'bundler'
   s.add_development_dependency 'coveralls'
+  s.add_development_dependency 'database_cleaner'
   s.add_development_dependency 'easy_captcha'
   s.add_development_dependency 'm'
   s.add_development_dependency 'minitest'
+  s.add_development_dependency 'omniauth'
   s.add_development_dependency 'pry-byebug'
   s.add_development_dependency 'pry-rescue'
-  s.add_development_dependency 'pry'
   s.add_development_dependency 'rails_email_validator'
-  s.add_development_dependency 'rubocop', '~> 0.58.0'
+  s.add_development_dependency 'rubocop', '~> 0.59.2'
   s.add_development_dependency 'sqlite3'
+  s.add_development_dependency 'wwtd'
 end

data/gemfiles/rails_4.2_stable.gemfile

@@ -2,7 +2,15 @@
 
 source "https://rubygems.org"
 
-gem "omniauth"
 gem "rails", "~> 4.2.0"
+gem "bundler", "< 2"
+
+group :active_record do
+  gem "sqlite3", "~> 1.3.0"
+end
+
+group :mongoid do
+  gem "mongoid", "~> 4.0"
+end
 
 gemspec path: "../"

data/gemfiles/rails_5.0_stable.gemfile

@@ -2,7 +2,14 @@
 
 source "https://rubygems.org"
 
-gem "omniauth"
 gem "rails", "~> 5.0.0"
 
+group :active_record do
+  gem "sqlite3", "~> 1.3.0"
+end
+
+group :mongoid do
+  gem "mongoid", "~> 6.0"
+end
+
 gemspec path: "../"

data/gemfiles/rails_5.1_stable.gemfile

@@ -2,7 +2,14 @@
 
 source "https://rubygems.org"
 
-gem "omniauth"
 gem "rails", "~> 5.1.0"
 
+group :active_record do
+  gem "sqlite3", "~> 1.3.0"
+end
+
+group :mongoid do
+  gem "mongoid", "~> 6.0"
+end
+
 gemspec path: "../"