RubyGems - devise-two-factor - Versions diffs - 2.2.1 → 3.0.0 - Mend

devise-two-factor 2.2.1 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

checksums.yaml +4 -4
checksums.yaml.gz.sig +0 -0
data.tar.gz.sig +0 -0
data/.travis.yml +0 -1
data/CHANGELOG.md +42 -0
data/README.md +14 -0
data/devise-two-factor.gemspec +1 -1
data/lib/devise_two_factor/version.rb +1 -1
metadata +5 -4
metadata.gz.sig +0 -0

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 7733242048c6e6912c7768974ae43ad710aee326
-  data.tar.gz: 4148cd6ab0a90308fd07f98ba395982b7ffc098d
+  metadata.gz: 4b3b5de2fc272e8a4cb6efed6a5767d5ebf98b7a
+  data.tar.gz: b9f07dd6665d994fc78c3fca5baf074a2a7ecdbd
 SHA512:
-  metadata.gz: a6b74254dd5c556c532070905ee2075c66fe43dc9b41c4121b57f15ed971f7239aa85e663526f72e1aa36dd3e7d76e06b3d8897985f62e103f11cb41dc3280f0
-  data.tar.gz: e35807622d16188854d134cd7365e53ed2a616757e2baa38a808e4444bcbd891a90c665ab07b6c7b186a635124db4f7f1c83161caaa2e1d8044c13c6d99273ec
+  metadata.gz: fdd8ddf024c2d4d336026262ea27c9660df54d6363c3aff582c500e76ae7b8bc136d1cf3f048527b5e95c899af04dc1ae4fb4c91e4323c5b47aeb6fe922df98d
+  data.tar.gz: 11b3e866530264a4c3779fc49150df1de42658e7ead17496844d7f667d6d033c5c5fb7808d50df62a0a7afdc265e6d442f31d55ac2188d9f330662545d5c37f7

checksums.yaml.gz.sig CHANGED

Binary file

data.tar.gz.sig CHANGED

Binary file

data/.travis.yml CHANGED

@@ -5,7 +5,6 @@ before_install:
   - gem update --system
   - gem update bundler
 rvm:
-  - "2.0.0"
   - "2.1"
   - "2.2"
   - "2.3.0"

data/CHANGELOG.md ADDED

@@ -0,0 +1,42 @@
+# CHANGELOG
+## Unreleased
+## 3.0.0
+See `UPGRADING.md` for specific help with breaking changes from 2.x to 3.0.0.
+- Adds support for Devise 4.
+- Relax dependencies to allow attr_encrypted 3.x.
+- Blocks the use of attr_encrypted 2.x. There was a significant vulnerability in the encryption implementation in attr_encrypted 2.x, and that version of the gem should not be used.
+## 2.2.0
+- Use 192 bits, not 1024, as a secret key length. RFC 4226 recommends a minimum length of 128 bits and a recommended length of 160 bits. Google Authenticator doesn't accept 160 bit keys.
+## 2.1.0
+- Return false if OTP value is nil, instead of an ROTP exception.
+## 2.0.1
+No user-facing changes.
+## 2.0.0
+See `UPGRADING.md` for specific help with breaking changes from 1.x to 2.0.0.
+- Replace `valid_otp?` method with `validate_and_consume_otp!`.
+- Disallow subsequent OTPs once validated via timesteps.
+## 1.1.0
+- Removes runtimez activemodel dependency.
+- Uses `Devise::Encryptor` instead of `Devise.bcrypt`, which is deprecated.
+- Bump `rotp` dependency to 2.x.
+## 1.0.2
+- Makes Railties the only requirement for Rails generators.
+- Explicitly check that the `otp_attempt` param is not nil in order to avoid 'ROTP only verifies strings' exceptions.
+- Adding warning about recoverable devise strategy and automatic `sign_in` after a password reset.
+- Loosen dependency version requirements for rotp, devise, and attr_encrypted.
+## 1.0.1
+- Add version requirements for dependencies.
+## 1.0.0
+- Initial release.

data/README.md CHANGED

@@ -68,6 +68,20 @@ def configure_permitted_parameters
 end
 ```
+If you're running Devise 4.0.0 or above, you'll want to use `.permit` instead:
+```ruby
+before_action :configure_permitted_parameters, if: :devise_controller?
+...
+protected
+def configure_permitted_parameters
+  devise_parameter_sanitizer.permit(:sign_in, keys: [:otp_attempt])
+end
+```
 **After running the generator, verify that :database_authenticatable is not being loaded by your model. The generator will try to remove it, but if you have a non-standard Devise setup, this step may fail. Loading both :database_authenticatable and `:two_factor_authenticatable` in a model will allow users to bypass two-factor authenticatable due to the way Warden handles cascading strategies.**
 ## Designing Your Workflow

data/devise-two-factor.gemspec CHANGED

@@ -27,7 +27,7 @@ Gem::Specification.new do |s|
   s.add_runtime_dependency 'railties'
   s.add_runtime_dependency 'activesupport'
   s.add_runtime_dependency 'attr_encrypted', '>= 1.3', '< 4', '!= 2'
-  s.add_runtime_dependency 'devise',         '~> 3.5'
+  s.add_runtime_dependency 'devise',         '~> 4.0'
   s.add_runtime_dependency 'rotp',           '~> 2.0'
   s.add_development_dependency 'activemodel'

data/lib/devise_two_factor/version.rb CHANGED

@@ -1,3 +1,3 @@
 module DeviseTwoFactor
-   VERSION = '2.2.1'.freeze
+   VERSION = '3.0.0'.freeze
 end

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: devise-two-factor
 version: !ruby/object:Gem::Version
-  version: 2.2.1
+  version: 3.0.0
 platform: ruby
 authors:
 - Shane Wilton
@@ -84,7 +84,7 @@ cert_chain:
   5C31v4YyRBnNCp0pN66nxYX2avEiQ8riTBP5mlkPPOhsIoYQHHe2Uj75aVpu0LZ3
   cdFzuO4GC1dV0Wv+dsDm+MyF7DT5E9pUPXpnMJuPvPrFpCb+wrFlszW9hGjXbQ==
   -----END CERTIFICATE-----
-date: 2016-05-11 00:00:00.000000000 Z
+date: 2016-05-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties
@@ -146,14 +146,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.5'
+        version: '4.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.5'
+        version: '4.0'
 - !ruby/object:Gem::Dependency
   name: rotp
   requirement: !ruby/object:Gem::Requirement
@@ -261,6 +261,7 @@ files:
 - ".gitignore"
 - ".rspec"
 - ".travis.yml"
+- CHANGELOG.md
 - CONTRIBUTING.md
 - Gemfile
 - LICENSE

metadata.gz.sig CHANGED

Binary file