devise-security 0.17.0 → 0.18.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (94) hide show
  1. checksums.yaml +4 -4
  2. data/LICENSE.txt +3 -1
  3. data/README.md +14 -5
  4. data/app/controllers/devise/paranoid_verification_code_controller.rb +14 -12
  5. data/app/controllers/devise/password_expired_controller.rb +8 -4
  6. data/config/locales/bg.yml +1 -0
  7. data/config/locales/by.yml +1 -0
  8. data/config/locales/cs.yml +5 -0
  9. data/config/locales/de.yml +1 -0
  10. data/config/locales/es.yml +12 -0
  11. data/config/locales/fa.yml +1 -0
  12. data/config/locales/fr.yml +14 -2
  13. data/config/locales/hi.yml +1 -0
  14. data/config/locales/it.yml +1 -0
  15. data/config/locales/ja.yml +12 -0
  16. data/config/locales/nl.yml +1 -0
  17. data/config/locales/pt.yml +1 -0
  18. data/config/locales/ru.yml +1 -0
  19. data/config/locales/tr.yml +25 -1
  20. data/config/locales/uk.yml +1 -0
  21. data/config/locales/zh_CN.yml +1 -0
  22. data/config/locales/zh_TW.yml +1 -0
  23. data/lib/devise-security/controllers/helpers.rb +23 -11
  24. data/lib/devise-security/hooks/expirable.rb +3 -3
  25. data/lib/devise-security/hooks/paranoid_verification.rb +1 -3
  26. data/lib/devise-security/hooks/password_expirable.rb +1 -3
  27. data/lib/devise-security/hooks/session_limitable.rb +4 -4
  28. data/lib/devise-security/models/compatibility/active_record_patch.rb +4 -3
  29. data/lib/devise-security/models/compatibility/mongoid_patch.rb +3 -2
  30. data/lib/devise-security/models/database_authenticatable_patch.rb +12 -14
  31. data/lib/devise-security/models/expirable.rb +6 -5
  32. data/lib/devise-security/models/paranoid_verification.rb +2 -2
  33. data/lib/devise-security/models/password_archivable.rb +1 -1
  34. data/lib/devise-security/models/secure_validatable.rb +6 -5
  35. data/lib/devise-security/orm/mongoid.rb +1 -1
  36. data/lib/devise-security/patches.rb +14 -8
  37. data/lib/devise-security/routes.rb +2 -3
  38. data/lib/devise-security/version.rb +1 -1
  39. data/lib/devise-security.rb +2 -1
  40. data/lib/generators/devise_security/install_generator.rb +3 -5
  41. data/lib/generators/templates/devise_security.rb +3 -0
  42. data/test/controllers/test_paranoid_verification_code_controller.rb +70 -5
  43. data/test/controllers/test_password_expired_controller.rb +57 -41
  44. data/test/controllers/test_security_question_controller.rb +25 -19
  45. data/test/dummy/app/controllers/overrides/password_expired_controller.rb +10 -0
  46. data/test/dummy/app/models/user.rb +4 -3
  47. data/test/dummy/app/mongoid/user_without_email.rb +4 -1
  48. data/test/dummy/config/application.rb +0 -4
  49. data/test/dummy/config/environments/test.rb +1 -0
  50. data/test/dummy/config/initializers/devise.rb +1 -5
  51. data/test/dummy/config/routes.rb +1 -1
  52. data/test/dummy/config.ru +1 -1
  53. data/test/dummy/db/migrate/20120508165529_create_tables.rb +2 -2
  54. data/test/dummy/log/test.log +34100 -90393
  55. data/test/i18n_test.rb +22 -0
  56. data/test/integration/test_paranoid_verification_code_workflow.rb +53 -0
  57. data/test/integration/test_password_expirable_workflow.rb +2 -2
  58. data/test/integration/test_session_limitable_workflow.rb +3 -3
  59. data/test/support/integration_helpers.rb +18 -12
  60. data/test/test_complexity_validator.rb +42 -41
  61. data/test/test_database_authenticatable_patch.rb +3 -3
  62. data/test/test_paranoid_verification.rb +8 -8
  63. data/test/test_password_expirable.rb +1 -1
  64. data/test/test_secure_validatable.rb +5 -13
  65. data/test/test_session_limitable.rb +7 -7
  66. data/test/tmp/config/initializers/devise_security.rb +3 -0
  67. data/test/tmp/config/locales/devise.security_extension.by.yml +1 -0
  68. data/test/tmp/config/locales/devise.security_extension.cs.yml +5 -0
  69. data/test/tmp/config/locales/devise.security_extension.de.yml +1 -0
  70. data/test/tmp/config/locales/devise.security_extension.es.yml +12 -0
  71. data/test/tmp/config/locales/devise.security_extension.fa.yml +1 -0
  72. data/test/tmp/config/locales/devise.security_extension.fr.yml +14 -2
  73. data/test/tmp/config/locales/devise.security_extension.hi.yml +1 -0
  74. data/test/tmp/config/locales/devise.security_extension.it.yml +1 -0
  75. data/test/tmp/config/locales/devise.security_extension.ja.yml +12 -0
  76. data/test/tmp/config/locales/devise.security_extension.nl.yml +1 -0
  77. data/test/tmp/config/locales/devise.security_extension.pt.yml +1 -0
  78. data/test/tmp/config/locales/devise.security_extension.ru.yml +1 -0
  79. data/test/tmp/config/locales/devise.security_extension.tr.yml +25 -1
  80. data/test/tmp/config/locales/devise.security_extension.uk.yml +1 -0
  81. data/test/tmp/config/locales/devise.security_extension.zh_CN.yml +1 -0
  82. data/test/tmp/config/locales/devise.security_extension.zh_TW.yml +1 -0
  83. metadata +45 -27
  84. data/lib/devise-security/patches/confirmations_controller_captcha.rb +0 -23
  85. data/lib/devise-security/patches/confirmations_controller_security_question.rb +0 -26
  86. data/lib/devise-security/patches/passwords_controller_captcha.rb +0 -22
  87. data/lib/devise-security/patches/passwords_controller_security_question.rb +0 -25
  88. data/lib/devise-security/patches/registrations_controller_captcha.rb +0 -35
  89. data/lib/devise-security/patches/sessions_controller_captcha.rb +0 -26
  90. data/lib/devise-security/patches/unlocks_controller_captcha.rb +0 -22
  91. data/lib/devise-security/patches/unlocks_controller_security_question.rb +0 -25
  92. data/test/dummy/app/controllers/foos_controller.rb +0 -0
  93. data/test/dummy/lib/shared_user_without_email.rb +0 -29
  94. data/test/dummy/log/development.log +0 -0
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 9d2d19c261f7efb929b61e3bfdb31fbe0dce4ae5ab81d829508338ec86486f09
4
- data.tar.gz: fa6c34683e462867b85d9fefe9132dae0891e0fca4eb1fa32fc0c1f9fc9177f3
3
+ metadata.gz: 30c17693a3331769b786cf6925dcce0b62087a894960309ad316189613b62291
4
+ data.tar.gz: defa2b29a2d67e7615062ab6bea7518b37b6f24ed4735016a4fca4ef860ffbd0
5
5
  SHA512:
6
- metadata.gz: 99cd7b257250d09474d2de4b1aeb2348ca1ec8ca651ff0cc11121e23a71faea5bc2085293c83fcb11d4d641d402a76977185df3bd39a2862d3cab6359a1f90ec
7
- data.tar.gz: fc55c011517dbaaab893ebb5da71d6fcd0d65de43de21bb51620cec29104a187e6fb405f159b3ad14a5f40109c9e4a9d18695ae020f0485393fc9b5d4840968d
6
+ metadata.gz: 54fa56d5e200c73e329d1f07eb1845ce2be695ffb4afa20f475d624fb6615f1583a161c8eec8fa5f84643b957a0d9e4d4d653d5f5071f7b73784bf843a520a70
7
+ data.tar.gz: 891fcf2b29571ee6fca9d667ddbc211cf27a5ba64e6048b33d3f63a6f395e02ef88d51a6c35da3bfe761b42c04bf1a57e118ae9bb46ebb22212eb85f9a0b3179
data/LICENSE.txt CHANGED
@@ -1,4 +1,6 @@
1
- Copyright (c) 2011 Marco Scholl
1
+ Copyright (c) 2017-2022 Dillon Welch & Kevin Olbrich.
2
+
3
+ Copyright (c) 2011-2017 Marco Scholl
2
4
 
3
5
  Permission is hereby granted, free of charge, to any person obtaining
4
6
  a copy of this software and associated documentation files (the
data/README.md CHANGED
@@ -1,6 +1,6 @@
1
1
  # Devise Security
2
2
 
3
- [![Build Status](https://travis-ci.org/devise-security/devise-security.svg?branch=master)](https://travis-ci.org/devise-security/devise-security)
3
+ [![Build Status](https://github.com/devise-security/devise-security/actions/workflows/test_suite.yml/badge.svg?branch=master)](https://github.com/devise-security/devise-security/actions/workflows/test_suite.yml)
4
4
  [![Coverage Status](https://coveralls.io/repos/github/devise-security/devise-security/badge.svg?branch=master)](https://coveralls.io/github/devise-security/devise-security?branch=master)
5
5
  [![Maintainability](https://api.codeclimate.com/v1/badges/ace7cd003a0db8bffa5a/maintainability)](https://codeclimate.com/github/devise-security/devise-security/maintainability)
6
6
 
@@ -129,6 +129,9 @@ Devise.setup do |config|
129
129
 
130
130
  # Allow passwords to be equal to email (false, true)
131
131
  # config.allow_passwords_equal_to_email = false
132
+
133
+ # paranoid_verification will regenerate verification code after failed attempt
134
+ # config.paranoid_code_regenerate_after_attempt = 10
132
135
  end
133
136
  ```
134
137
 
@@ -377,17 +380,23 @@ Standard tests can be invoked using `rake`. To run the tests against the
377
380
 
378
381
  ## Maintenance Policy
379
382
 
380
- We are committed to maintain support for `devise-security` for all normal or
383
+ We are committed to maintaining support for `devise-security` for all normal or
381
384
  security maintenance versions of the Ruby language
382
385
  [as listed here](https://www.ruby-lang.org/en/downloads/branches/), and for the
383
386
  Ruby on Rails framework
384
387
  [as per their maintenance policy](https://rubyonrails.org/maintenance/).
385
388
 
386
- In order to avoid introducing bugs caused by backwardly incompatible Ruby
389
+ To avoid introducing bugs caused by backwardly incompatible Ruby
387
390
  language features, it is highly recommended that all development work be done
388
- using the oldest supported ruby version. The contents of the `.ruby-version`
391
+ using the oldest supported Ruby version. The contents of the `.ruby-version`
389
392
  file should reflect this.
390
393
 
391
394
  ## Copyright
392
395
 
393
- Copyright (c) 2011-2017 Marco Scholl. See LICENSE.txt for further details.
396
+ Copyright (c) 2017-2023 Dillon Welch & Kevin Olbrich.
397
+
398
+ Copyright (c) 2011-2017 Marco Scholl as the project [`devise_security_extension`](https://github.com/phatworx/devise_security_extension).
399
+
400
+ This repo was created as a fork from [b2ee978a](https://github.com/phatworx/devise_security_extension/commit/b2ee978af7d49f0fb0e7271c6ac074dfb4d39353).
401
+
402
+ See LICENSE.txt for further details.
@@ -1,15 +1,13 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  class Devise::ParanoidVerificationCodeController < DeviseController
4
+ before_action :verify_requested_format!
4
5
  skip_before_action :handle_paranoid_verification
5
- prepend_before_action :authenticate_scope!, only: [:show, :update]
6
+ before_action :skip_paranoid_verification, only: %i[show update]
7
+ prepend_before_action :authenticate_scope!, only: %i[show update]
6
8
 
7
9
  def show
8
- if !resource.nil? && resource.need_paranoid_verification?
9
- respond_with(resource)
10
- else
11
- redirect_to :root
12
- end
10
+ respond_with(resource)
13
11
  end
14
12
 
15
13
  def update
@@ -17,7 +15,7 @@ class Devise::ParanoidVerificationCodeController < DeviseController
17
15
  warden.session(scope)['paranoid_verify'] = false
18
16
  set_flash_message :notice, :updated
19
17
  bypass_sign_in resource, scope: scope
20
- redirect_to after_paranoid_verification_code_update_path_for(resource)
18
+ respond_with({}, location: after_paranoid_verification_code_update_path_for(resource))
21
19
  else
22
20
  respond_with(resource, action: :show)
23
21
  end
@@ -37,12 +35,16 @@ class Devise::ParanoidVerificationCodeController < DeviseController
37
35
 
38
36
  private
39
37
 
38
+ def skip_paranoid_verification
39
+ return if !resource.nil? && resource.need_paranoid_verification?
40
+
41
+ redirect_to :root
42
+ end
43
+
40
44
  def resource_params
41
- if params.respond_to?(:permit)
42
- params.require(resource_name).permit(:paranoid_verification_code)
43
- else
44
- params[scope].slice(:paranoid_verification_code)
45
- end
45
+ permitted_params = %i[paranoid_verification_code]
46
+
47
+ params.require(resource_name).permit(*permitted_params)
46
48
  end
47
49
 
48
50
  def scope
@@ -3,8 +3,8 @@
3
3
  class Devise::PasswordExpiredController < DeviseController
4
4
  before_action :verify_requested_format!
5
5
  skip_before_action :handle_password_change
6
- before_action :skip_password_change, only: [:show, :update]
7
- prepend_before_action :authenticate_scope!, only: [:show, :update]
6
+ before_action :skip_password_change, only: %i[show update]
7
+ prepend_before_action :authenticate_scope!, only: %i[show update]
8
8
 
9
9
  def show
10
10
  respond_with(resource)
@@ -20,7 +20,11 @@ class Devise::PasswordExpiredController < DeviseController
20
20
  # @see https://github.com/devise-security/devise-security/pull/111
21
21
  def update
22
22
  resource.extend(Devise::Models::DatabaseAuthenticatablePatch)
23
- if resource.update_with_password(resource_params)
23
+ resource.update_with_password(resource_params)
24
+
25
+ yield resource if block_given?
26
+
27
+ if resource.errors.empty?
24
28
  warden.session(scope)['password_expired'] = false
25
29
  set_flash_message :notice, :updated
26
30
  bypass_sign_in resource, scope: scope
@@ -52,7 +56,7 @@ class Devise::PasswordExpiredController < DeviseController
52
56
  end
53
57
 
54
58
  def resource_params
55
- permitted_params = [:current_password, :password, :password_confirmation]
59
+ permitted_params = %i[current_password password password_confirmation]
56
60
 
57
61
  params.require(resource_name).permit(*permitted_params)
58
62
  end
@@ -23,6 +23,7 @@ bg:
23
23
  paranoid_verify:
24
24
  code_required: 'Моля въведете кода, който нашия екип по поддръжката Ви е предоставил'
25
25
  paranoid_verification_code:
26
+ updated: Кодът за потвърждение е приет
26
27
  show:
27
28
  submit_verification_code: Изпрати код за потвърждение
28
29
  verification_code: Код за потвърждение
@@ -31,6 +31,7 @@ by:
31
31
  paranoid_verify:
32
32
  code_required: 'Калі ласка, увядзіце код, атрыманы ад нашай каманды падтрымкі'
33
33
  paranoid_verification_code:
34
+ updated: Код спраўджання прыняты
34
35
  show:
35
36
  submit_verification_code: 'Увод кода пацверджання'
36
37
  verification_code: 'Код пацверджання'
@@ -7,15 +7,19 @@ cs:
7
7
  password_complexity:
8
8
  digit:
9
9
  one: musí obsahovat alespoň jednu číslici
10
+ few: musí obsahovat alespoň %{count} číslice
10
11
  other: musí obsahovat alespoň %{count} číslice
11
12
  lower:
12
13
  one: musí obsahovat alespoň jedno malé písmeno
14
+ few: musí obsahovat alespoň %{count} malé písmena
13
15
  other: musí obsahovat alespoň %{count} malé písmena
14
16
  symbol:
15
17
  one: musí obsahovat alespoň jedno interpunkční znaménko nebo symbol
18
+ few: musí obsahovat alespoň %{count} interpunkční znaménka nebo symboly
16
19
  other: musí obsahovat alespoň %{count} interpunkční znaménka nebo symboly
17
20
  upper:
18
21
  one: musí obsahovat alespoň jedno velké písmeno
22
+ few: musí obsahovat alespoň %{count} velké písmena
19
23
  other: musí obsahovat alespoň %{count} velké písmena
20
24
  devise:
21
25
  invalid_captcha: Chybná captcha.
@@ -23,6 +27,7 @@ cs:
23
27
  paranoid_verify:
24
28
  code_required: Zadejte kód, který poskytla naše podpora
25
29
  paranoid_verification_code:
30
+ updated: Ověřovací kód přijat
26
31
  show:
27
32
  submit_verification_code: Odeslat ověřovací kód
28
33
  verification_code: Ověřovací kód
@@ -23,6 +23,7 @@ de:
23
23
  paranoid_verify:
24
24
  code_required: 'Bitte geben Sie den Code ein, den unser Support-Team zur Verfügung gestellt hat.'
25
25
  paranoid_verification_code:
26
+ updated: Bestätigungscode akzeptiert
26
27
  show:
27
28
  submit_verification_code: Bestätigungscode eingeben
28
29
  verification_code: Bestätigungscode
@@ -22,9 +22,21 @@ es:
22
22
  invalid_security_question: 'La respuesta a la pregunta de seguridad fue incorrecta.'
23
23
  paranoid_verify:
24
24
  code_required: 'Por favor ingrese el código provisto por nuestro equipo de soporte'
25
+ paranoid_verification_code:
26
+ updated: Se acepta el código de verificación
27
+ show:
28
+ submit_verification_code: Envíe el código de verificación
29
+ verification_code: Código de verificación
30
+ submit: Entregar
25
31
  password_expired:
26
32
  updated: 'Su nueva contraseña ha sido guardada.'
27
33
  change_required: 'Su contraseña ha expirado. Por favor renueve su contraseña.'
34
+ show:
35
+ renew_your_password: Renueve su contraseña
36
+ current_password: Actual contraseña
37
+ new_password: Nueva contraseña
38
+ new_password_confirmation: Confirmar nueva contraseña
39
+ change_my_password: Cambiar mi contraseña
28
40
  failure:
29
41
  session_limited: 'Sus credenciales de inicio de sesión fueron usadas en otro navegador. Por favor inicie sesión nuevamente para continuar en este navegador.'
30
42
  expired: 'Su cuenta ha expirado debido a inactividad. Por favor contacte al administrador de la aplicación.'
@@ -23,6 +23,7 @@ fa:
23
23
  paranoid_verify:
24
24
  code_required: 'لطفاً کدی را که تیم پشتیبانی ما ارائه کرده است وارد کنید'
25
25
  paranoid_verification_code:
26
+ updated: کد تأیید پذیرفته شد
26
27
  show:
27
28
  submit_verification_code: ارسال کد تاییدیه
28
29
  verification_code: کد تاییدیه
@@ -9,8 +9,8 @@ fr:
9
9
  one: doit contenir au moins un chiffre
10
10
  other: doit contenir au moins %{count} chiffres
11
11
  lower:
12
- one: doit contenir au moins une lettre miniscule
13
- other: doit contenir au moins %{count} lettres miniscules
12
+ one: doit contenir au moins une lettre minuscule
13
+ other: doit contenir au moins %{count} lettres minuscules
14
14
  symbol:
15
15
  one: doit contenir au moins un signe de ponctuation
16
16
  other: doit contenir au moins %{count} signes de ponctuation
@@ -22,9 +22,21 @@ fr:
22
22
  invalid_security_question: La réponse à la question de sécurité est invalide
23
23
  paranoid_verify:
24
24
  code_required: Veuillez entrer le code fourni par notre équipe de support
25
+ paranoid_verification_code:
26
+ updated: Code de vérification accepté
27
+ show:
28
+ submit_verification_code: Soumettre le code de vérification
29
+ verification_code: Code de vérification
30
+ submit: Soumettre
25
31
  password_expired:
26
32
  updated: Votre nouveau mot de passe est enregistré
27
33
  change_required: Votre mot de passe a expiré. Veuillez en choisir un autre
34
+ show:
35
+ renew_your_password: Renouveler votre mot de passe
36
+ current_password: Mot de passe actuel
37
+ new_password: Nouveau mot de passe
38
+ new_password_confirmation: Confirmer le nouveau mot de passe
39
+ change_my_password: Changer mon mot de passe
28
40
  failure:
29
41
  session_limited: Vos identifiants de connexion ont été utilisés dans un autre navigateur. Veuillez vous reconnecter pour continuer dans ce navigateur
30
42
  expired: Votre compte a expiré pour cause d'inactivité. Veuillez contacter l'administrateur du site
@@ -24,6 +24,7 @@ hi:
24
24
  paranoid_verify:
25
25
  code_required: सपोर्ट टीम द्वारा दिया गया कोड डाले
26
26
  paranoid_verification_code:
27
+ updated: सत्यापन कोड स्वीकार किया गया
27
28
  show:
28
29
  submit_verification_code: वेरिफिकेशन कोड डाले
29
30
  verification_code: वेरिफिकेशन कोड
@@ -23,6 +23,7 @@ it:
23
23
  paranoid_verify:
24
24
  code_required: 'Inserisci il codice fornito dal nostro team di supporto'
25
25
  paranoid_verification_code:
26
+ updated: Codice di verifica accettato
26
27
  show:
27
28
  submit_verification_code: Invia codice di verifica
28
29
  verification_code: Codice di verifica
@@ -22,9 +22,21 @@ ja:
22
22
  invalid_security_question: 'セキュリティ質問に対する回答が不正です。'
23
23
  paranoid_verify:
24
24
  code_required: 'サポートチームに提供された認証コードを入力してください。'
25
+ paranoid_verification_code:
26
+ updated: 確認コードを受け入れました
27
+ show:
28
+ submit_verification_code: 確認コードを送信する
29
+ verification_code: 検証コード
30
+ submit: 参加する
25
31
  password_expired:
26
32
  updated: '新しいパスワードが保存されました。'
27
33
  change_required: 'パスワードが期限切れです。パスワードを新しく設定してください。'
34
+ show:
35
+ renew_your_password: パスワードを更新する
36
+ current_password: 現在のパスワード
37
+ new_password: 新しいパスワード
38
+ new_password_confirmation: 新しいパスワードを確認
39
+ change_my_password: パスワードを変更する
28
40
  failure:
29
41
  session_limited: '他のブラウザでログインされました。このブラウザで続ける場合は、もう一度サインインしてください。'
30
42
  expired: '活動がなかったため、あなたのアカウントは期限切れとなりました。サイト管理者に連絡してください。'
@@ -23,6 +23,7 @@ nl:
23
23
  paranoid_verify:
24
24
  code_required: Voer de aangeleverde code in
25
25
  paranoid_verification_code:
26
+ updated: Verificatiecode geaccepteerd
26
27
  show:
27
28
  submit_verification_code: Verstuur verificatie code
28
29
  verification_code: Verificatie code
@@ -23,6 +23,7 @@ pt:
23
23
  paranoid_verify:
24
24
  code_required: 'Por favor entre o código que a equipe de suporte enviou'
25
25
  paranoid_verification_code:
26
+ updated: Código de verificação aceito
26
27
  show:
27
28
  submit_verification_code: Enviar código de verificação
28
29
  verification_code: Código de verificação
@@ -31,6 +31,7 @@ ru:
31
31
  paranoid_verify:
32
32
  code_required: 'Пожалуйста введите код, полученный от нашей команды поддержки'
33
33
  paranoid_verification_code:
34
+ updated: Код подтверждения принят
34
35
  show:
35
36
  submit_verification_code: Ввод кода подтверждения
36
37
  verification_code: Код подверждения
@@ -4,15 +4,39 @@ tr:
4
4
  taken_in_past: "daha önce kullanıldı."
5
5
  equal_to_current_password: "mevcut paroladan farklı olmalı."
6
6
  equal_to_email: "e-postadan farklı olmalı."
7
- password_format: "büyük, küçük harfler ve sayılar içermeli."
7
+ password_complexity:
8
+ digit:
9
+ one: en az bir rakam içermelidir
10
+ other: en az %{count} basamak içermelidir
11
+ lower:
12
+ one: en az bir küçük harf içermelidir
13
+ other: en az %{count} küçük harf içermelidir
14
+ symbol:
15
+ one: en az bir noktalama işareti veya sembolü içermelidir
16
+ other: en az %{count} noktalama işareti veya sembolü içermelidir
17
+ upper:
18
+ one: en az bir büyük harf içermelidir
19
+ other: en az %{count} büyük harf içermelidir
8
20
  devise:
9
21
  invalid_captcha: "Captcha hatalı."
10
22
  invalid_security_question: "Güvenlik sorusunun cevabı yanlış."
11
23
  paranoid_verify:
12
24
  code_required: "Destek ekibimizden aldığınız kodu girin."
25
+ paranoid_verification_code:
26
+ updated: Doğrulama kodu kabul edildi
27
+ show:
28
+ submit_verification_code: Doğrulama kodunu gönder
29
+ verification_code: Doğrulama kodu
30
+ submit: Gönder
13
31
  password_expired:
14
32
  updated: "Yeni parolanız kaydedildi."
15
33
  change_required: "Parolanızın geçerlilik süresi dolmuş. Lütfen parolanızı yenileyin."
34
+ show:
35
+ renew_your_password: Şifrenizi yenileyin
36
+ current_password: Mevcut Şifre
37
+ new_password: Yeni Şifre
38
+ new_password_confirmation: Yeni şifreyi onayla
39
+ change_my_password: Şifremi Değiştir
16
40
  failure:
17
41
  session_limited: 'Hesabınıza başka bir tarayıcıdan giriş yapılmış. Lütfen devam etmek için yeniden giriş yapın.'
18
42
  expired: 'Hesabınız aktif olarak kullanılmadığı için artık geçerli değil. Lütfen yönetici ile irtibata geçin.'
@@ -31,6 +31,7 @@ uk:
31
31
  paranoid_verify:
32
32
  code_required: 'Введіть, будь ласка, код від нашої команди підтримки'
33
33
  paranoid_verification_code:
34
+ updated: Код підтвердження прийнято
34
35
  show:
35
36
  submit_verification_code: Відправити код підтвердження
36
37
  verification_code: Код підтвердження
@@ -23,6 +23,7 @@ zh_CN:
23
23
  paranoid_verify:
24
24
  code_required: '请输入我们支持团队提供的代码'
25
25
  paranoid_verification_code:
26
+ updated: 接受验证码
26
27
  show:
27
28
  submit_verification_code: 提交验证码
28
29
  verification_code: 验证码
@@ -23,6 +23,7 @@ zh_TW:
23
23
  paranoid_verify:
24
24
  code_required: '請輸入由我們客服團隊提供的代碼'
25
25
  paranoid_verification_code:
26
+ updated: 接受驗證碼
26
27
  show:
27
28
  submit_verification_code: 送出驗證碼
28
29
  verification_code: 驗證碼
@@ -29,8 +29,8 @@ module DeviseSecurity
29
29
  end
30
30
 
31
31
  def valid_captcha_if_defined?(captcha)
32
- defined?(verify_recaptcha) && verify_recaptcha ||
33
- defined?(valid_captcha?) && valid_captcha?(captcha)
32
+ (defined?(verify_recaptcha) && verify_recaptcha) ||
33
+ (defined?(valid_captcha?) && valid_captcha?(captcha))
34
34
  end
35
35
 
36
36
  def valid_security_question_answer?(resource, answer)
@@ -75,12 +75,18 @@ module DeviseSecurity
75
75
  def handle_paranoid_verification
76
76
  return if warden.nil?
77
77
 
78
- if !devise_controller? && !request.format.nil? && request.format.html?
78
+ if !devise_controller? &&
79
+ !ignore_paranoid_verification_code? &&
80
+ !request.format.nil? &&
81
+ request.format.html?
79
82
  Devise.mappings.keys.flatten.any? do |scope|
80
- if signed_in?(scope) && warden.session(scope)['paranoid_verify']
81
- store_location_for(scope, request.original_fullpath) if request.get?
82
- redirect_for_paranoid_verification scope
83
- return
83
+ if signed_in?(scope) && warden.session(scope)['paranoid_verify'] == true
84
+ if send(:"current_#{scope}").try(:need_paranoid_verification?)
85
+ store_location_for(scope, request.original_fullpath) if request.get?
86
+ redirect_for_paranoid_verification(scope)
87
+ else
88
+ warden.session(scope)['paranoid_verify'] = false
89
+ end
84
90
  end
85
91
  end
86
92
  end
@@ -98,14 +104,16 @@ module DeviseSecurity
98
104
  # path for change password
99
105
  def change_password_required_path_for(resource_or_scope = nil)
100
106
  scope = Devise::Mapping.find_scope!(resource_or_scope)
101
- change_path = "#{scope}_password_expired_path"
102
- send(change_path)
107
+ router_name = Devise.mappings[scope].router_name
108
+ context = router_name ? send(router_name) : _devise_route_context
109
+ context.send("#{scope}_password_expired_path")
103
110
  end
104
111
 
105
112
  def paranoid_verification_code_path_for(resource_or_scope = nil)
106
113
  scope = Devise::Mapping.find_scope!(resource_or_scope)
107
- change_path = "#{scope}_paranoid_verification_code_path"
108
- send(change_path)
114
+ router_name = Devise.mappings[scope].router_name
115
+ context = router_name ? send(router_name) : _devise_route_context
116
+ context.send("#{scope}_paranoid_verification_code_path")
109
117
  end
110
118
 
111
119
  protected
@@ -114,6 +122,10 @@ module DeviseSecurity
114
122
  def ignore_password_expire?
115
123
  false
116
124
  end
125
+
126
+ def ignore_paranoid_verification_code?
127
+ false
128
+ end
117
129
  end
118
130
  end
119
131
  end
@@ -1,11 +1,11 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- # Updates the last_activity_at fields from the record. Only when the user is active
3
+ # Updates the last_activity_at fields from the record. Only when the user is active
4
4
  # for authentication and authenticated.
5
- # An expiry of the account is only checked on sign in OR on manually setting the
5
+ # An expiry of the account is only checked on sign in OR on manually setting the
6
6
  # expired_at to the past (see Devise::Models::Expirable for this)
7
7
  Warden::Manager.after_set_user do |record, warden, options|
8
- if record && record.respond_to?(:active_for_authentication?) && record.active_for_authentication? &&
8
+ if record && record.respond_to?(:active_for_authentication?) && record.active_for_authentication? &&
9
9
  warden.authenticated?(options[:scope]) && record.respond_to?(:update_last_activity!)
10
10
  record.update_last_activity!
11
11
  end
@@ -1,7 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  Warden::Manager.after_set_user do |record, warden, options|
4
- if record.respond_to?(:need_paranoid_verification?)
5
- warden.session(options[:scope])['paranoid_verify'] = record.need_paranoid_verification?
6
- end
4
+ warden.session(options[:scope])['paranoid_verify'] = record.need_paranoid_verification? if record.respond_to?(:need_paranoid_verification?)
7
5
  end
@@ -3,7 +3,5 @@
3
3
  # @note This happens after
4
4
  # {DeviseSecurity::Controller::Helpers#handle_password_change}
5
5
  Warden::Manager.after_authentication do |record, warden, options|
6
- if record.respond_to?(:need_change_password?)
7
- warden.session(options[:scope])['password_expired'] = record.need_change_password?
8
- end
6
+ warden.session(options[:scope])['password_expired'] = record.need_change_password? if record.respond_to?(:need_change_password?)
9
7
  end
@@ -8,13 +8,13 @@ Warden::Manager.after_set_user except: :fetch do |record, warden, options|
8
8
  warden.authenticated?(options[:scope]) &&
9
9
  !record.skip_session_limitable?
10
10
 
11
- if !options[:skip_session_limitable]
11
+ if !options[:skip_session_limitable]
12
12
  unique_session_id = Devise.friendly_token
13
13
  warden.session(options[:scope])['unique_session_id'] = unique_session_id
14
14
  record.update_unique_session_id!(unique_session_id)
15
- else
15
+ else
16
16
  warden.session(options[:scope])['devise.skip_session_limitable'] = true
17
- end
17
+ end
18
18
  end
19
19
  end
20
20
 
@@ -29,7 +29,7 @@ Warden::Manager.after_set_user only: :fetch do |record, warden, options|
29
29
  warden.authenticated?(scope) &&
30
30
  options[:store] != false
31
31
  if record.unique_session_id != warden.session(scope)['unique_session_id'] &&
32
- !record.skip_session_limitable? &&
32
+ !record.skip_session_limitable? &&
33
33
  !warden.session(scope)['devise.skip_session_limitable']
34
34
  Rails.logger.warn do
35
35
  '[devise-security][session_limitable] session id mismatch: '\
@@ -1,12 +1,14 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Devise
2
4
  module Models
3
5
  module Compatibility
4
-
5
6
  class NotPersistedError < ActiveRecord::ActiveRecordError; end
6
7
 
7
8
  module ActiveRecordPatch
8
9
  extend ActiveSupport::Concern
9
- unless Devise.activerecord51?
10
+
11
+ unless defined?(ActiveRecord) && ActiveRecord.gem_version >= Gem::Version.new("5.1.x")
10
12
  # When the record was saved, was the +encrypted_password+ changed?
11
13
  # @return [Boolean]
12
14
  def saved_change_to_encrypted_password?
@@ -33,7 +35,6 @@ module Devise
33
35
  def update_attribute_without_validatons_or_callbacks(name, value)
34
36
  update_column(name, value)
35
37
  end
36
-
37
38
  end
38
39
  end
39
40
  end
@@ -1,7 +1,8 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Devise
2
4
  module Models
3
5
  module Compatibility
4
-
5
6
  class NotPersistedError < Mongoid::Errors::MongoidError; end
6
7
 
7
8
  module MongoidPatch
@@ -23,7 +24,7 @@ module Devise
23
24
  # @param name [Symbol] attribute to update
24
25
  # @param value [String] value to set
25
26
  def update_attribute_without_validatons_or_callbacks(name, value)
26
- set(Hash[*[name, value]])
27
+ set(Hash[name, value])
27
28
  end
28
29
  end
29
30
  end
@@ -11,24 +11,22 @@ module Devise
11
11
  new_password_confirmation = params[:password_confirmation]
12
12
 
13
13
  result = if valid_password && new_password.present? && new_password_confirmation.present?
14
- update(params, *options)
15
- else
16
- self.assign_attributes(params, *options)
14
+ update(params, *options)
15
+ else
16
+ assign_attributes(params, *options)
17
17
 
18
- if current_password.blank?
19
- self.errors.add(:current_password, :blank)
20
- elsif !valid_password
21
- self.errors.add(:current_password, :invalid)
22
- end
18
+ if current_password.blank?
19
+ errors.add(:current_password, :blank)
20
+ elsif !valid_password
21
+ errors.add(:current_password, :invalid)
22
+ end
23
23
 
24
- self.errors.add(:password, :blank) if new_password.blank?
24
+ errors.add(:password, :blank) if new_password.blank?
25
25
 
26
- if new_password_confirmation.blank?
27
- self.errors.add(:password_confirmation, :blank)
28
- end
26
+ errors.add(:password_confirmation, :blank) if new_password_confirmation.blank?
29
27
 
30
- false
31
- end
28
+ false
29
+ end
32
30
 
33
31
  clean_up_passwords
34
32
  result