devise-security 0.16.0 → 0.17.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1d065158ce85c823918ca0fb7ad40382ca9957f7c5e0847e1fec86e1eaed0ffb
-  data.tar.gz: fa07606b583076da6b68ceeddf70f74f80c05f3adf752a057b8f935c9af68fb6
+  metadata.gz: 9d2d19c261f7efb929b61e3bfdb31fbe0dce4ae5ab81d829508338ec86486f09
+  data.tar.gz: fa6c34683e462867b85d9fefe9132dae0891e0fca4eb1fa32fc0c1f9fc9177f3
 SHA512:
-  metadata.gz: 7f18a70374b20c80908006811184fc4757c4f678e11ff226d60b78ff0a3c1cf2612382185911b23692c6c7ed1553914f1361ab1243948ad1e1ff3ac91fdb5ab7
-  data.tar.gz: 68e392e9f0049659ad62977a0bb31910d4942b26ab24fab11b28e1e875286f2b48e9da20dd952f94bc4ac8350b1cd5199d9984e431d4664c865544a095b274b8
+  metadata.gz: 99cd7b257250d09474d2de4b1aeb2348ca1ec8ca651ff0cc11121e23a71faea5bc2085293c83fcb11d4d641d402a76977185df3bd39a2862d3cab6359a1f90ec
+  data.tar.gz: fc55c011517dbaaab893ebb5da71d6fcd0d65de43de21bb51620cec29104a187e6fb405f159b3ad14a5f40109c9e4a9d18695ae020f0485393fc9b5d4840968d

data/README.md

@@ -37,7 +37,7 @@ automated mass creation and brute forcing of accounts harder)
 
 ## Getting started
 
-Devise Security works with Devise on Rails >= 5.0. You can add it to your
+Devise Security works with Devise on Rails >= 5.2. You can add it to your
 Gemfile after you successfully set up Devise (see
 [Devise documentation](https://github.com/heartcombo/devise)) with:
 
@@ -89,6 +89,8 @@ Devise.setup do |config|
   # config.expire_password_after = 3.months | true | false
 
   # Need 1 char each of: A-Z, a-z, 0-9, and a punctuation mark or symbol
+  # You may use "digits" in place of "digit" and "symbols" in place of
+  # "symbol" based on your preference
   # config.password_complexity = { digit: 1, lower: 1, symbol: 1, upper: 1 }
 
   # Number of old passwords in archive
@@ -321,7 +323,7 @@ end
 ## Requirements
 
 - Devise (<https://github.com/heartcombo/devise>)
-- Rails 5.0 onwards (<http://github.com/rails/rails>)
+- Rails 5.2 onwards (<http://github.com/rails/rails>)
 - recommendations:
   - `autocomplete-off` (<http://github.com/phatworx/autocomplete-off>)
   - `easy_captcha` (<http://github.com/phatworx/easy_captcha>)

data/app/controllers/devise/paranoid_verification_code_controller.rb

@@ -17,12 +17,24 @@ class Devise::ParanoidVerificationCodeController < DeviseController
       warden.session(scope)['paranoid_verify'] = false
       set_flash_message :notice, :updated
       bypass_sign_in resource, scope: scope
-      redirect_to stored_location_for(scope) || :root
+      redirect_to after_paranoid_verification_code_update_path_for(resource)
     else
       respond_with(resource, action: :show)
     end
   end
 
+  # Allows you to customize where the user is redirected to after the update action
+  # successfully completes.
+  #
+  # Defaults to the request's original path, and then `root` if that is `nil`.
+  #
+  # @param resource [ActiveModel::Model] Devise `resource` model for logged in user.
+  #
+  # @return [String, Symbol] The path that the user will be redirected to.
+  def after_paranoid_verification_code_update_path_for(_resource)
+    stored_location_for(scope) || :root
+  end
+
   private
 
   def resource_params

data/app/controllers/devise/password_expired_controller.rb

@@ -24,17 +24,30 @@ class Devise::PasswordExpiredController < DeviseController
       warden.session(scope)['password_expired'] = false
       set_flash_message :notice, :updated
       bypass_sign_in resource, scope: scope
-      respond_with({}, location: stored_location_for(scope) || :root)
+      respond_with({}, location: after_password_expired_update_path_for(resource))
     else
       clean_up_passwords(resource)
       respond_with(resource, action: :show)
     end
   end
 
+  # Allows you to customize where the user is sent to after the update action
+  # successfully completes.
+  #
+  # Defaults to the request's original path, and then `root` if that is `nil`.
+  #
+  # @param resource [ActiveModel::Model] Devise `resource` model for logged in user.
+  #
+  # @return [String, Symbol] The path that the user will be sent to.
+  def after_password_expired_update_path_for(_resource)
+    stored_location_for(scope) || :root
+  end
+
   private
 
   def skip_password_change
     return if !resource.nil? && resource.need_change_password?
+
     redirect_to :root
   end
 

data/config/locales/bg.yml

@@ -0,0 +1,41 @@
+bg:
+  errors:
+    messages:
+      taken_in_past: 'е използвана и преди.'
+      equal_to_current_password: 'трябва да е различна от настоящата парола.'
+      equal_to_email: 'трябва да е различна от e-mail адреса.'
+      password_complexity:
+        digit:
+          one: трябва да съдържа поне една цифра
+          other: трябва да съдържа %{count} цифри
+        lower:
+          one: трябва да съдържа поне една малка буква
+          other: трябва да съдържа поне %{count} малки букви
+        symbol:
+          one: трябва да съдържа поне един пунктоационен знак или символ
+          other: трябва да съдържа поне %{count} пунктоационни знака или символи
+        upper:
+          one: трябва да съдържа поне една главна буква
+          other: трябва да съдържа поне %{count} главни букви
+  devise:
+    invalid_captcha: 'Кодът е грешен.'
+    invalid_security_question: 'Отговора на тайния въпрос е грешен.'
+    paranoid_verify:
+      code_required: 'Моля въведете кода, който нашия екип по поддръжката Ви е предоставил'
+    paranoid_verification_code:
+      show:
+        submit_verification_code: Изпрати код за потвърждение
+        verification_code: Код за потвърждение
+        submit: Изпрати
+    password_expired:
+      updated: 'Вашата нова парола е запазена.'
+      change_required: 'Вашата парола е изтекла. Моля подновете паролата си.'
+      show:
+        renew_your_password: Подновете паролата си
+        current_password: Настояща парола
+        new_password: Нова парола
+        new_password_confirmation: Потвърждение на нова парола
+        change_my_password: Промени паролата ми
+    failure:
+      session_limited: 'Вашето потребителско име и парола са използвани в друг браузър. Моля влезте отново за да продължите в този браузър.'
+      expired: 'Вашия акаунт е затворен поради неактивност. Моля свържете се с администратор.'

data/config/locales/de.yml

@@ -19,8 +19,10 @@ de:
           other: muss mindestens %{count} Großbuchstaben enthalten
   devise:
     invalid_captcha: 'Die Captcha-Eingabe ist nicht gültig.'
+    invalid_security_question: 'Die Antwort auf die Sicherheitsfrage war ungültig.'
     paranoid_verify:
       code_required: 'Bitte geben Sie den Code ein, den unser Support-Team zur Verfügung gestellt hat.'
+    paranoid_verification_code:
       show:
         submit_verification_code: Bestätigungscode eingeben
         verification_code: Bestätigungscode

data/config/locales/en.yml

@@ -7,7 +7,7 @@ en:
       password_complexity:
         digit:
           one: must contain at least one digit
-          other: must contain at least %{count} numerals
+          other: must contain at least %{count} digits
         lower:
           one: must contain at least one lower-case letter
           other: must contain at least %{count} lower-case letters
@@ -23,6 +23,7 @@ en:
     paranoid_verify:
       code_required: 'Please enter the code our support team provided'
     paranoid_verification_code:
+      updated: Verification code accepted
       show:
         submit_verification_code: Submit verification code
         verification_code: Verification code

data/lib/devise-security/models/database_authenticatable_patch.rb

@@ -5,18 +5,28 @@ module Devise
     module DatabaseAuthenticatablePatch
       def update_with_password(params, *options)
         current_password = params.delete(:current_password)
+        valid_password = valid_password?(current_password)
 
         new_password = params[:password]
         new_password_confirmation = params[:password_confirmation]
 
-        result = if valid_password?(current_password) && new_password.present? && new_password_confirmation.present?
+        result = if valid_password && new_password.present? && new_password_confirmation.present?
           update(params, *options)
         else
           self.assign_attributes(params, *options)
-          self.valid?
-          self.errors.add(:current_password, current_password.blank? ? :blank : :invalid)
-          self.errors.add(:password, new_password.blank? ? :blank : :invalid)
-          self.errors.add(:password_confirmation, new_password_confirmation.blank? ? :blank : :invalid)
+
+          if current_password.blank?
+            self.errors.add(:current_password, :blank)
+          elsif !valid_password
+            self.errors.add(:current_password, :invalid)
+          end
+
+          self.errors.add(:password, :blank) if new_password.blank?
+
+          if new_password_confirmation.blank?
+            self.errors.add(:password_confirmation, :blank)
+          end
+
           false
         end
 

data/lib/devise-security/models/password_archivable.rb

@@ -41,7 +41,7 @@ module Devise
       def password_archive_included?
         return false unless max_old_passwords.positive?
 
-        old_passwords_including_cur_change = old_passwords.order(created_at: :desc).limit(max_old_passwords).pluck(:encrypted_password)
+        old_passwords_including_cur_change = old_passwords.reorder(created_at: :desc).limit(max_old_passwords).pluck(:encrypted_password)
         old_passwords_including_cur_change << encrypted_password_was # include most recent change in list, but don't save it yet!
         old_passwords_including_cur_change.any? do |old_password|
           # NOTE: we deliberately do not do mass assignment here so that users that
@@ -73,7 +73,7 @@ module Devise
           return true if old_passwords.where(encrypted_password: encrypted_password_was).exists?
 
           old_passwords.create!(encrypted_password: encrypted_password_was) if encrypted_password_was.present?
-          old_passwords.order(created_at: :desc).offset(max_old_passwords).destroy_all
+          old_passwords.reorder(created_at: :desc).offset(max_old_passwords).destroy_all
         else
           old_passwords.destroy_all
         end

data/lib/devise-security/models/secure_validatable.rb

@@ -44,20 +44,39 @@ module Devise
               validates :email, uniqueness: true, allow_blank: true, if: :email_changed? # check uniq for email ever
             end
 
-            validates :password, presence: true, length: password_length, confirmation: true, if: :password_required?
+            validates_presence_of :password, if: :password_required?
+            validates_confirmation_of :password, if: :password_required?
+
+            validate if: :password_required? do |record|
+              validates_with ActiveModel::Validations::LengthValidator,
+                             attributes: :password,
+                             allow_blank: true,
+                             in: record.password_length
+            end
           end
 
           # extra validations
-          validates :email, email: email_validation if email_validation # see https://github.com/devise-security/devise-security/blob/master/README.md#e-mail-validation
-          validates :password,
-                    'devise_security/password_complexity': password_complexity,
-                    if: :password_required?
+          # see https://github.com/devise-security/devise-security/blob/master/README.md#e-mail-validation
+          validate do |record|
+            if email_validation
+              validates_with(
+                EmailValidator, { attributes: :email }
+              )
+            end
+          end
+
+          validate if: :password_required? do |record|
+            validates_with(
+              record.password_complexity_validator.is_a?(Class) ? record.password_complexity_validator : record.password_complexity_validator.classify.constantize,
+              { attributes: :password }.merge(record.password_complexity)
+            )
+          end
 
           # don't allow use same password
           validate :current_equal_password_validation
 
           # don't allow email to equal password
-          validate :email_not_equal_password_validation unless allow_passwords_equal_to_email
+          validate :email_not_equal_password_validation
         end
       end
 
@@ -74,14 +93,13 @@ module Devise
       end
 
       def email_not_equal_password_validation
-        return if password.blank? || (!new_record? && !will_save_change_to_encrypted_password?)
-        dummy = self.class.new.tap do |user|
-          user.password_salt = password_salt if respond_to?(:password_salt)
-          # whether case_insensitive_keys or strip_whitespace_keys include email or not, any
-          # variation of the email should not be a supported password
-          user.password = email.downcase.strip
-        end
-        self.errors.add(:password, :equal_to_email) if dummy.valid_password?(password.downcase.strip)
+        return if allow_passwords_equal_to_email
+
+        return if password.blank? || email.blank? || (!new_record? && !will_save_change_to_encrypted_password?)
+
+        return unless Devise.secure_compare(password.downcase.strip, email.downcase.strip)
+
+        errors.add(:password, :equal_to_email)
       end
 
       protected
@@ -89,6 +107,8 @@ module Devise
       # Checks whether a password is needed or not. For validations only.
       # Passwords are always required if it's a new record, or if the password
       # or confirmation are being set somewhere.
+      #
+      # @return [Boolean]
       def password_required?
         !persisted? || !password.nil? || !password_confirmation.nil?
       end
@@ -97,8 +117,24 @@ module Devise
         true
       end
 
+      delegate(
+        :allow_passwords_equal_to_email,
+        :email_validation,
+        :password_complexity,
+        :password_complexity_validator,
+        :password_length,
+        to: :class
+      )
+
       module ClassMethods
-        Devise::Models.config(self, :password_complexity, :password_length, :email_validation, :allow_passwords_equal_to_email)
+        Devise::Models.config(
+          self,
+          :allow_passwords_equal_to_email,
+          :email_validation,
+          :password_complexity,
+          :password_complexity_validator,
+          :password_length
+        )
 
         private
 

data/lib/devise-security/validators/password_complexity_validator.rb

@@ -1,35 +1,62 @@
 # frozen_string_literal: true
 
-# Password complexity validator
+# (NIST)[https://pages.nist.gov/800-63-3/sp800-63b.html#appA] does not recommend
+# the use of a password complexity checks because...
+#
+# > Length and complexity requirements beyond those recommended here
+# > significantly increase the difficulty of memorized secrets and increase user
+# > frustration. As a result, users often work around these restrictions in a
+# > way that is counterproductive. Furthermore, other mitigations such as
+# > blacklists, secure hashed storage, and rate limiting are more effective at
+# > preventing modern brute-force attacks. Therefore, no additional complexity
+# > requirements are imposed.
+#
 # Options:
-# - digit:  minimum number of digits in the validated string
-# - digits: minimum number of digits in the validated string
-# - lower:  minimum number of lower-case letters in the validated string
-# - symbol: minimum number of punctuation characters or symbols in the validated string
-# - symbols: minimum number of punctuation characters or symbols in the validated string
-# - upper:  minimum number of upper-case letters in the validated string
+# - `digit | digits`:  minimum number of digits in the validated string. Uses
+#   the `digit` localization key.
+# - `lower`:  minimum number of lower-case letters in the validated string
+# - `symbol | symbols`: minimum number of punctuation characters or symbols in
+#   the validated string. Uses the `symbol` localization key.
+# - `upper`:  minimum number of upper-case letters in the validated string
 class DeviseSecurity::PasswordComplexityValidator < ActiveModel::EachValidator
-  PATTERNS = {
-    digit: /\p{Digit}/,
-    digits: /\p{Digit}/,
-    lower: /\p{Lower}/,
-    symbol: /\p{Punct}|\p{S}/,
-    symbols: /\p{Punct}|\p{S}/,
-    upper: /\p{Upper}/
-  }.freeze
+  # A Hash of the possible valid patterns that can be checked against. The keys
+  # for this Hash are singular symbols corresponding to entries in the
+  # localization files. Override or redefine this method if you want to include
+  # custom patterns (e.g., `letter: /\p{Alpha}/` for all letters).
+  #
+  # @return [Hash<Symbol,Regexp>]
+  def patterns
+    {
+      digit: /\p{Digit}/,
+      lower: /\p{Lower}/,
+      symbol: /\p{Punct}|\p{S}/,
+      upper: /\p{Upper}/
+    }
+  end
 
-  def validate_each(record, attribute, value)
-    active_pattern_keys.each do |key|
-      minimum = [0, options[key].to_i].max
-      pattern = Regexp.new PATTERNS[key]
+  # Validate the complexity of the password. This validation does not check to
+  # ensure the password is not blank. That is the responsibility of other
+  # validations. This validator will also ignore any patterns that are not
+  # explicitly configured to be used or whose minimum limits are less than 1.
+  #
+  # @param record [ActiveModel::Model]
+  # @param attribute [Symbol]
+  # @param password [String]
+  def validate_each(record, attribute, password)
+    return if password.blank?
 
-      unless (value || '').scan(pattern).size >= minimum
-        record.errors.add attribute, :"password_complexity.#{key}", count: minimum
-      end
-    end
-  end
+    options.sort.each do |pattern_name, minimum|
+      normalized_option = pattern_name.to_s.singularize.to_sym
 
-  def active_pattern_keys
-    options.keys & PATTERNS.keys
+      next unless patterns.key?(normalized_option)
+      next unless minimum.positive?
+      next if password.scan(patterns[normalized_option]).size >= minimum
+
+      record.errors.add(
+        attribute,
+        :"password_complexity.#{normalized_option}",
+        count: minimum
+      )
+    end
   end
 end

data/lib/devise-security/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module DeviseSecurity
-  VERSION = '0.16.0'
+  VERSION = '0.17.0'
 end

data/lib/devise-security.rb

@@ -9,15 +9,20 @@ require 'devise'
 
 module Devise
   # Number of seconds that passwords are valid (e.g 3.months)
-  # Disable pasword expiration with +false+
+  # Disable password expiration with +false+
   # Expire only on demand with +true+
   mattr_accessor :expire_password_after
   @@expire_password_after = 3.months
 
-  # Validate password for strongness
+  # Validate password complexity
   mattr_accessor :password_complexity
   @@password_complexity = { digit: 1, lower: 1, symbol: 1, upper: 1 }
 
+  # Define the class used to validate password complexity. Set to a Class or a
+  # string which will be used to determine which class to use.
+  mattr_accessor :password_complexity_validator
+  @@password_complexity_validator = 'devise_security/password_complexity_validator'
+
   # Number of old passwords in archive
   mattr_accessor :password_archiving_count
   @@password_archiving_count = 5

data/lib/generators/templates/devise_security.rb

@@ -7,7 +7,9 @@ Devise.setup do |config|
   # Should the password expire (e.g 3.months)
   # config.expire_password_after = false
 
-  # Need 1 char of A-Z, a-z and 0-9
+  # Need 1 char each of: A-Z, a-z, 0-9, and a punctuation mark or symbol
+  # You may use "digits" in place of "digit" and "symbols" in place of
+  # "symbol" based on your preference
   # config.password_complexity = { digit: 1, lower: 1, symbol: 1, upper: 1 }
 
   # How many passwords to keep in archive

data/test/controllers/test_paranoid_verification_code_controller.rb

@@ -0,0 +1,68 @@
+# frozen_string_literal: true
+
+require 'test_helper'
+
+class Devise::ParanoidVerificationCodeControllerTest < ActionController::TestCase
+  include Devise::Test::ControllerHelpers
+
+  setup do
+    @request.env['devise.mapping'] = Devise.mappings[:user]
+
+    @user = User.create!(
+      username: 'hello',
+      email: 'hello@path.travel',
+      password: 'Password4',
+      confirmed_at: 5.months.ago,
+    )
+
+    sign_in(@user)
+  end
+
+  test 'redirects to root on show if user not logged in' do
+    sign_out(@user)
+    get :show
+    assert_redirected_to :root
+  end
+
+  test "redirects to root on show if user doesn't need paranoid verification" do
+    get :show
+    assert_redirected_to :root
+  end
+
+  test 'renders show on show if user needs paranoid verification' do
+    @user.update(paranoid_verification_code: 'cookies')
+    get :show
+    assert_template :show
+  end
+
+  test "redirects to root on update" do
+    patch :update, params: { user: { paranoid_verification_code: 'cookies' } }
+    assert_redirected_to :root
+    assert_equal 'Verification code accepted', flash[:notice]
+  end
+end
+
+class ParanoidVerificationCodeCustomRedirectTest < ActionController::TestCase
+  include Devise::Test::ControllerHelpers
+  tests Overrides::ParanoidVerificationCodeController
+
+  setup do
+    @request.env['devise.mapping'] = Devise.mappings[:paranoid_verification_user]
+
+    @user = ParanoidVerificationUser.create!(
+      username: 'hello',
+      email: 'hello@path.travel',
+      password: 'Password4',
+      confirmed_at: 5.months.ago,
+    )
+
+    sign_in(@user)
+  end
+
+  test 'redirects to custom redirect route on update' do
+    patch :update, params: { paranoid_verification_user: { paranoid_verification_code: 'cookies' } }
+
+    assert_redirected_to '/cats'
+    assert_equal 'Verification code accepted', flash[:notice]
+  end
+end

data/test/controllers/test_password_expired_controller.rb

@@ -76,6 +76,10 @@ class Devise::PasswordExpiredControllerTest < ActionController::TestCase
     assert_response :success
     assert_template :show
     assert_equal response.media_type, 'text/html'
+    assert_includes(
+      response.body,
+      'Password confirmation doesn&#39;t match Password'
+    )
   end
 
   test 'update password using JSON format' do
@@ -108,3 +112,37 @@ class Devise::PasswordExpiredControllerTest < ActionController::TestCase
     assert_nil response.media_type, 'No Content-Type header should be set for No Content response'
   end
 end
+
+class PasswordExpiredCustomRedirectTest < ActionController::TestCase
+  include Devise::Test::ControllerHelpers
+  tests Overrides::PasswordExpiredController
+
+  setup do
+    @controller.class.respond_to :json, :xml
+    @request.env['devise.mapping'] = Devise.mappings[:password_expired_user]
+    @user = PasswordExpiredUser.create!(
+      username: 'hello',
+      email: 'hello@path.travel',
+      password: 'Password4',
+      password_changed_at: 4.months.ago,
+      confirmed_at: 5.months.ago,
+    )
+    assert @user.valid?
+    assert @user.need_change_password?
+
+    sign_in(@user)
+  end
+
+  test 'update password with custom redirect route' do
+    put :update,
+        params: {
+          password_expired_user: {
+            current_password: 'Password4',
+            password: 'Password5',
+            password_confirmation: 'Password5',
+          },
+        }
+
+    assert_redirected_to '/cookies'
+  end
+end

data/test/dummy/app/controllers/overrides/paranoid_verification_code_controller.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+class Overrides::ParanoidVerificationCodeController < Devise::ParanoidVerificationCodeController
+  def after_paranoid_verification_code_update_path_for(_)
+    '/cats'
+  end
+end

data/test/dummy/app/controllers/overrides/password_expired_controller.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+class Overrides::PasswordExpiredController < Devise::PasswordExpiredController
+  def after_password_expired_update_path_for(_)
+    '/cookies'
+  end
+end

data/test/dummy/app/controllers/widgets_controller.rb

@@ -1,5 +1,8 @@
+# frozen_string_literal: true
+
 class WidgetsController < ApplicationController
   before_action :authenticate_user!
+
   def show
     render plain: 'success'
   end

data/test/dummy/app/models/application_user_record.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
+
 if DEVISE_ORM == :active_record
-  class ApplicationUserRecord < ActiveRecord::Base
+  class ApplicationUserRecord < ApplicationRecord
     self.table_name = 'users'
   end
 else

data/test/dummy/app/models/mongoid/confirmable_fields.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module ConfirmableFields
   extend ::ActiveSupport::Concern
 

data/test/dummy/app/models/mongoid/database_authenticable_fields.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module DatabaseAuthenticatableFields
   extend ::ActiveSupport::Concern
 
@@ -6,10 +8,9 @@ module DatabaseAuthenticatableFields
 
     ## Database authenticatable
     field :username, type: String
-    field :email, type: String, default: ""
-    #validates_presence_of :email
+    field :email, type: String, default: ''
 
-    field :encrypted_password, type: String, default: ""
+    field :encrypted_password, type: String, default: ''
     validates_presence_of :encrypted_password
 
     include Mongoid::Timestamps

data/test/dummy/app/models/mongoid/expirable_fields.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module ExpirableFields
   extend ::ActiveSupport::Concern
 

data/test/dummy/app/models/mongoid/lockable_fields.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module LockableFields
   extend ::ActiveSupport::Concern