RubyGems - devise_challenge_questionable - Versions diffs - 2.0.0 → 3.3.2 - Mend

devise_challenge_questionable 2.0.0 → 3.3.2

Files changed (12) hide show

checksums.yaml +7 -7
data/.gitignore +1 -0
data/README.md +12 -8
data/app/controllers/devise/challenge_questions_controller.rb +39 -32
data/app/views/devise/challenge_questions/edit.html.erb +7 -22
data/devise_challenge_questionable.gemspec +3 -3
data/lib/devise_challenge_questionable/controllers/helpers.rb +2 -2
data/lib/devise_challenge_questionable/mailer.rb +2 -2
data/lib/devise_challenge_questionable/model.rb +16 -13
data/lib/devise_challenge_questionable/version.rb +1 -1
data/lib/generators/devise_challenge_questionable/templates/challenge_question_model.rb +11 -7
metadata +59 -50

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
----
-SHA512:
-  data.tar.gz: 8695e654d2bb19c2cc3898c7c37ef3a1b50f4581b8d6984abffe64df691289de2ddbfbaf03454e21a371872c7226ca73fb336077b458bd4cf2d2f3e6bb9fe981
-  metadata.gz: 6ac2620ad0657c87ae83e8e5c48cc13fd10064ddcdf93048aedbfd47137709f072008d501024c78172a78e01e6a47859d924824cb276b04e10fbb3af18b6d1f1
-SHA1:
-  data.tar.gz: 3c16a6153e9482d879cc84b9c48fd6bd4e28bcd3
-  metadata.gz: fdae3b18830c50d05005ebcd56efd230d81f12fb
+---
+SHA256:
+  metadata.gz: a77778f0523bd02065afa11b69367b3430cbb92a5359b8b8817d2723efabba4e
+  data.tar.gz: 6e91e372d2199dffaed5ade3eddf2d0a3e43eae70f0ba1ffe807915cafc217cb
+SHA512:
+  metadata.gz: 24febe5a3b8ae5ff545e5f9a9498f3e0d6bad1e93e1176877e9436c5bc4326d37435c54296f31bf8f820a04fef3b306b8d23ef80d45caa37cda77548b4786542
+  data.tar.gz: 3ac583e0d4c08d5f3ab00f973a88a7b801649201444a386ae496d2b68c39ecb4dff32c526f23f2ba1b375e563bd5048816a5656537a42cb13821421b943b4876

data/.gitignore CHANGED

@@ -18,3 +18,4 @@ patches-*
 capybara-*.html
 dump.rdb
 *.ids
+.idea/

data/README.md CHANGED

@@ -26,9 +26,9 @@ Once that's done, run:
 In order to add challenge questions to a model, run the command:
     bundle exec rails g devise_challenge_questionable MODEL
     bundle exec rails g devise_challenge_questionable:install
     bundle exec rails g devise_challenge_questionable:views users
 Where MODEL is your model name (e.g. User or Admin). This generator will add `:challenge_questionable` to your model
@@ -45,9 +45,9 @@ To manually enable challenge questions for the User model, you should add the fo
 ```ruby
   has_many :user_challenge_questions, :validate => true, :inverse_of => :user
   accepts_nested_attributes_for :user_challenge_questions, :allow_destroy => true
   devise :challenge_questionable
   attr_accessible :user_challenge_questions_attributes
 ```
@@ -68,9 +68,13 @@ You also need to add the `user_challenge_question.rb` Model.
     before_save :digest_challenge_answer
     def digest_challenge_answer
-      write_attribute(:challenge_answer, Digest::MD5.hexdigest(self.challenge_answer.downcase)) unless self.challenge_answer.nil?
+      if ENV['PASSWORD_PEPPER']
+        write_attribute(:challenge_answer, ::BCrypt::Password.create(self.challenge_answer.downcase + ENV['PASSWORD_PEPPER'], :cost => Devise.stretches)) unless self.challenge_answer.nil?
+      else
+        write_attribute(:challenge_answer, ::BCrypt::Password.create(self.challenge_answer.downcase, :cost => Devise.stretches)) unless self.challenge_answer.nil?
+      end
     end
     private
     def challenge_question_uniqueness
       if self.challenge_question.present? && self.user.user_challenge_questions.select{|q| q.challenge_question == self.challenge_question}.count > 1
@@ -83,7 +87,7 @@ You also need to add the `user_challenge_question.rb` Model.
         errors.add(:challenge_answer, 'can only be used once')
       end
     end
     def challenge_answer_repeating
       if self.challenge_answer.present? && self.challenge_answer =~ /(.)\1{2,}/
         errors.add(:challenge_answer, 'can not have more then two repeating characters in a row')
@@ -132,7 +136,7 @@ By default challenge questions are enabled for each user, you can change it with
   def login_challenge_questions?(request)
     request.ip != '127.0.0.1'
   end
   def set_challenge_questions?(request)
     request.ip != '127.0.0.1'
   end

data/app/controllers/devise/challenge_questions_controller.rb CHANGED

@@ -1,43 +1,43 @@
 class Devise::ChallengeQuestionsController < DeviseController
-  prepend_before_filter :require_no_authentication, :only => [ :new, :create, :edit, :update, :max_challenge_question_attempts_reached ]
-  prepend_before_filter :authenticate_scope!, :only => [:show, :authenticate, :manage, :forgot]
-  before_filter :prepare_and_validate, :handle_challenge_questions, :only => [:show, :authenticate]
+  prepend_before_action :require_no_authentication, :only => [ :new, :create, :edit, :update, :max_challenge_question_attempts_reached ]
+  prepend_before_action :authenticate_scope!, :only => [:show, :authenticate, :manage, :forgot]
+  before_action :prepare_and_validate, :handle_challenge_questions, :only => [:show, :authenticate]
   # GET /resource/challenge_question/new
   def new
-    build_resource
-    render_with_scope :new
+    self.resource = resource_class.new
+    render :new
   end
   # POST /resource/challenge_question
   def create
     self.resource = resource_class.send_reset_challenge_questions_instructions(params[resource_name])
     if resource.errors.empty?
       set_flash_message :notice, :send_instructions
-      redirect_to new_session_path(resource_name)
+      redirect_to home_path
     else
-      render_with_scope :new
+      render :new
     end
   end
   # GET /resource/challenge_question/edit?reset_challenge_questions_token=abcdef
   def edit
     self.resource = resource_class.new
     resource.reset_challenge_questions_token = params[:reset_challenge_questions_token]
     Devise.number_of_challenge_questions_stored.times { resource.send("#{resource_name}_challenge_questions").build }
-    render_with_scope :edit
+    render :edit
   end
   # PUT /resource/challenge_question
   def update
     self.resource = resource_class.reset_challenge_questions_by_token(params[resource_name])
     if resource.errors.empty?
       set_flash_message :notice, :updated_challenge_questions
-      redirect_to :root
+      sign_in_and_redirect(resource)
     else
-      render_with_scope :edit
+      render :edit
     end
   end
@@ -45,11 +45,11 @@ class Devise::ChallengeQuestionsController < DeviseController
   def show
     @challenge_questions = resource.send("#{resource_name}_challenge_questions").sample(params[:limit].try(:to_i) || Devise.number_of_challenge_questions_asked)
     respond_to do |format|
-      format.html { render_with_scope :show }
+      format.html { render :show }
       format.json { render :json => @challenge_questions.as_json(:only => [:id, :challenge_question]) }
     end
   end
   def authenticate
     build_challenge_questions
     if @challenge_questions.present? && challenge_questions_authenticated?
@@ -61,21 +61,21 @@ class Devise::ChallengeQuestionsController < DeviseController
       else
         failed_attempts
       end
-    end
+    end
   end
   # Build token and redirect
   def manage
     resource.set_reset_challenge_questions_token
     sign_out(resource)
-    redirect_to edit_challenge_question_path(resource, :reset_challenge_questions_token => resource.reset_challenge_questions_token)
+    redirect_to edit_user_challenge_question_path(resource, :reset_challenge_questions_token => resource.reset_challenge_questions_token)
   end
   def forgot
     sign_out(resource)
-    redirect_to new_challenge_question_path(resource_name)
+    redirect_to new_user_challenge_question_path(resource_name)
   end
   def max_challenge_question_attempts_reached
   end
@@ -90,21 +90,28 @@ class Devise::ChallengeQuestionsController < DeviseController
       @limit = resource.class.max_challenge_question_attempts
       if resource.max_challenge_question_attempts?
         sign_out(resource)
-        render_with_scope :max_challenge_question_attempts_reached and return
+        render :max_challenge_question_attempts_reached and return
       end
     end
     def challenge_questions_authenticated?
-      @challenge_questions.all?{|question| Digest::MD5.hexdigest(question[:challenge_answer].try(:downcase).to_s).eql?(question[:answer])}
+      @challenge_questions.all? do |question|
+        @user_hash = ::BCrypt::Password.new(question[:answer])
+        if ENV['PASSWORD_PEPPER']
+          @user_hash.is_password?(question[:challenge_answer].try(:downcase) + ENV['PASSWORD_PEPPER'])
+        else
+          @user_hash.is_password?(question[:challenge_answer].try(:downcase))
+        end
+      end
     end
     def build_challenge_questions
       respond_to do |format|
         format.html { @challenge_questions = (params[:challenge_questions] || []).map{|cq, params| params.merge(:answer => resource.send("#{resource_name}_challenge_questions").find(params[:id]).challenge_answer)} }
         format.json { @challenge_questions = (params[:challenge_questions] || []).map{|cq| cq.merge(:answer => resource.send("#{resource_name}_challenge_questions").find(cq[:id]).challenge_answer)} }
       end
     end
     def challenge_questions_authenticated
       respond_to do |format|
         format.html do
@@ -115,25 +122,25 @@ class Devise::ChallengeQuestionsController < DeviseController
       end
       resource.update_attribute(:challenge_question_failed_attempts, 0)
     end
     def set_failed_attempt
       resource.challenge_question_failed_attempts += 1
       resource.save
     end
     def max_failed_attempts
       resource.max_challenge_question_lock_account
       sign_out(resource)
       respond_to do |format|
-        format.html { render_with_scope :max_challenge_question_attempts_reached and return }
+        format.html { render :max_challenge_question_attempts_reached and return }
         format.json { render :json => {:max_attempts_reached => true, :errors => I18n.t(:"#{resource_name}.#{:max_attempts_reached}", :resource_name => resource_name, :scope => [:devise, controller_name.to_sym], :default => :attempt_failed)} }
       end
     end
     def failed_attempts
       respond_to do |format|
         format.html { redirect_to send("#{resource_name}_challenge_question_path" ) }
         format.json { render :json => {:errors => I18n.t(:"#{resource_name}.#{:attempt_failed}", :resource_name => resource_name, :scope => [:devise, controller_name.to_sym], :default => :attempt_failed)} }
       end
     end
-end
+end

data/app/views/devise/challenge_questions/edit.html.erb CHANGED

@@ -7,7 +7,7 @@
     <%= devise_error_messages! %>
     <%= f.hidden_field :id %>
     <%= f.hidden_field :reset_challenge_questions_token %>
     <%= f.fields_for :"#{resource_name}_challenge_questions", resource.send("#{resource_name}_challenge_questions") do |cq| %>
       <% if cq.object.new_record? %>
         <p>
@@ -40,25 +40,10 @@
 <script type="text/javascript" language="javascript">
   if (window.jQuery) {
-    jQuery(document).ready(function() {
-      $("select").change(function () {
-        var $this = $(this);
-        var prevVal = $this.data("prev");
-        var otherSelects = $("select").not(this);
-        otherSelects.find('option:contains('+ $(this).val() +')').attr('disabled', 'disabled');
-        if (prevVal) {
-            otherSelects.find('option:contains('+ prevVal +')').removeAttr('disabled');
-        }
-        $this.data("prev", $this.val());
-      });
-      $("select").each(function () {
-        var $this = $(this);
-        var prevVal = $this.data("prev");
-        var otherSelects = $("select").not(this);
-        otherSelects.find('option:contains('+ $(this).val() +')').attr('disabled', 'disabled');
-        $this.data("prev", $this.val());
-      });
-    });
+    $('select').on('change', function(e) {
+      var $this = $(this);
+      var otherSelects = $("select").not(this);
+      otherSelects.find('option:contains('+ $(this).val() +')').attr('disabled','disabled')
+    })
   }
-</script>
+</script>

data/devise_challenge_questionable.gemspec CHANGED

@@ -12,7 +12,7 @@ Gem::Specification.new do |s|
   s.description = <<-EOF
     ### Features ###
     * configure max challenge question attempts
-    * per user level control if he really need challenge questions
+    * per user level control if they really need challenge questions
   EOF
   s.rubyforge_project = "devise_challenge_questionable"
@@ -22,8 +22,8 @@ Gem::Specification.new do |s|
   s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
   s.require_paths = ["lib"]
-  s.add_runtime_dependency 'rails', '>= 3.0.20'
-  s.add_runtime_dependency 'devise', '>= 2.0.0.rc'
+  s.add_runtime_dependency 'rails', '>= 5.0.0'
+  s.add_runtime_dependency 'devise', '>= 4.0.0'
   s.add_development_dependency 'bundler'
 end

data/lib/devise_challenge_questionable/controllers/helpers.rb CHANGED

@@ -4,7 +4,7 @@ module DeviseChallengeQuestionable
       extend ActiveSupport::Concern
       included do
-        before_filter :handle_challenge_questions
+        before_action :handle_challenge_questions
       end
       private
@@ -51,4 +51,4 @@ module DeviseChallengeQuestionable
     end
   end
-end
+end

data/lib/devise_challenge_questionable/mailer.rb CHANGED

@@ -2,7 +2,7 @@ module DeviseChallengeQuestionable
   module Mailer
     # Deliver reset challenge question instructions when is requested
     def reset_challenge_questions_instructions(record)
-      setup_mail(record, :reset_challenge_questions_instructions)
+      devise_mail(record, :reset_challenge_questions_instructions)
     end
   end
-end
+end

data/lib/devise_challenge_questionable/model.rb CHANGED

@@ -3,12 +3,12 @@ module Devise
   module Models
     module ChallengeQuestionable
       extend ActiveSupport::Concern
       # Update challenge questions saving the record and clearing token. Returns true if
       # the challenge questions are valid and the record was saved, false otherwise.
       def reset_challenge_questions!(attributes)
         self.send("#{self.class.name.underscore}_challenge_questions").destroy_all
-        self.attributes = {"#{self.class.name.underscore}_challenge_questions_attributes" => attributes["#{self.class.name.underscore}_challenge_questions_attributes"]}
+        self.attributes = {"#{self.class.name.underscore}_challenge_questions_attributes" => attributes["#{self.class.name.underscore}_challenge_questions_attributes"]}
         clear_reset_challenge_questions_token if self.valid?
         self.save
       end
@@ -16,11 +16,11 @@ module Devise
       def login_challenge_questions?(request)
         true
       end
       def set_challenge_questions?(request)
         true
       end
       def max_challenge_question_lock_account
         self.lock_access! if self.class.lock_strategy_enabled?(:failed_attempts)
       end
@@ -28,18 +28,18 @@ module Devise
       def max_challenge_question_attempts?
         challenge_question_failed_attempts >= self.class.max_challenge_question_attempts
       end
       # Resets reset challenge question token and send reset challenge question instructions by email
       def send_reset_challenge_questions_instructions
         generate_reset_challenge_questions_token!
         ::Devise.mailer.reset_challenge_questions_instructions(self).deliver
       end
       # Generates a new random token for reset challenge_question
       def set_reset_challenge_questions_token
         generate_reset_challenge_questions_token!
       end
       def unlock_access_including_challenge_questions!
         if_access_locked do
           self.locked_at = nil
@@ -49,7 +49,7 @@ module Devise
           save(:validate => false)
         end
       end
       protected
         # Generates a new random token for reset challenge_question
@@ -67,14 +67,14 @@ module Devise
         def clear_reset_challenge_questions_token
           self.reset_challenge_questions_token = nil
         end
         def clear_challenge_question_failed_attempts
           self.challenge_question_failed_attempts = 0
         end
       module ClassMethods
         ::Devise::Models.config(self, :max_challenge_question_attempts)
         # Attempt to find a user by it's email. If a record is found, send new
         # challenge_question instructions to it. If not user is found, returns a new user
         # with an email not found error.
@@ -87,7 +87,10 @@ module Devise
         # Generate a token checking if one does not already exist in the database.
         def reset_challenge_questions_token
-          generate_token(:reset_challenge_questions_token)
+          loop do
+            token = Devise.friendly_token
+            break token unless User.find_by(:reset_challenge_questions_token => token)
+          end
         end
         # Attempt to find a user by it's reset_challenge_questions_token to reset it's
@@ -103,4 +106,4 @@ module Devise
       end
     end
   end
-end
+end

data/lib/devise_challenge_questionable/version.rb CHANGED

@@ -1,3 +1,3 @@
 module DeviseChallengeQuestionable
-  VERSION = "2.0.0"
+  VERSION = "3.3.2"
 end

data/lib/generators/devise_challenge_questionable/templates/challenge_question_model.rb CHANGED

@@ -1,14 +1,18 @@
 class <%= class_name %>ChallengeQuestion < ActiveRecord::Base
   belongs_to :<%= class_name.underscore %>
   validates :challenge_question, :uniqueness => {:scope => :<%= class_name.underscore %>_id}
   validates :challenge_answer, :presence => true
   before_save :digest_challenge_answer
   def digest_challenge_answer
-    write_attribute(:challenge_answer, Digest::MD5.hexdigest(self.challenge_answer)) unless self.challenge_answer.nil?
+    if ENV['PASSWORD_PEPPER']
+      write_attribute(:challenge_answer, ::BCrypt::Password.create(self.challenge_answer.downcase + ENV['PASSWORD_PEPPER'], :cost => Devise.stretches)) unless self.challenge_answer.nil?
+    else
+      write_attribute(:challenge_answer, ::BCrypt::Password.create(self.challenge_answer.downcase, :cost => Devise.stretches)) unless self.challenge_answer.nil?
+    end
   end
-end
+end

metadata CHANGED

@@ -1,58 +1,68 @@
---- !ruby/object:Gem::Specification
+--- !ruby/object:Gem::Specification
 name: devise_challenge_questionable
-version: !ruby/object:Gem::Version
-  version: 2.0.0
+version: !ruby/object:Gem::Version
+  version: 3.3.2
 platform: ruby
-authors:
+authors:
 - Andrew Kennedy
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-05-16 00:00:00 Z
-dependencies:
-- !ruby/object:Gem::Dependency
+date: 2020-05-27 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
   name: rails
-  prerelease: false
-  requirement: &id001 !ruby/object:Gem::Requirement
-    requirements:
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
     - - ">="
-      - !ruby/object:Gem::Version
-        version: 3.0.20
+      - !ruby/object:Gem::Version
+        version: 5.0.0
   type: :runtime
-  version_requirements: *id001
-- !ruby/object:Gem::Dependency
-  name: devise
   prerelease: false
-  requirement: &id002 !ruby/object:Gem::Requirement
-    requirements:
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
     - - ">="
-      - !ruby/object:Gem::Version
-        version: 2.0.0.rc
+      - !ruby/object:Gem::Version
+        version: 5.0.0
+- !ruby/object:Gem::Dependency
+  name: devise
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 4.0.0
   type: :runtime
-  version_requirements: *id002
-- !ruby/object:Gem::Dependency
-  name: bundler
   prerelease: false
-  requirement: &id003 !ruby/object:Gem::Requirement
-    requirements:
-    - &id004
-      - ">="
-      - !ruby/object:Gem::Version
-        version: "0"
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 4.0.0
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :development
-  version_requirements: *id003
-description: "    ### Features ###\n    * configure max challenge question attempts\n    * per user level control if he really need challenge questions\n"
-email:
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: |2
+      ### Features ###
+      * configure max challenge question attempts
+      * per user level control if they really need challenge questions
+email:
 - andrew@akennedy.io
 executables: []
 extensions: []
 extra_rdoc_files: []
-files:
-- .gitignore
+files:
+- ".gitignore"
 - Gemfile
 - README.md
 - Rakefile
@@ -82,26 +92,25 @@ files:
 - lib/generators/devise_challenge_questionable/views_generator.rb
 homepage: https://github.com/akennedy/devise_challenge_questionable
 licenses: []
 metadata: {}
 post_install_message:
 rdoc_options: []
-require_paths:
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement
-  requirements:
-  - *id004
-required_rubygems_version: !ruby/object:Gem::Requirement
-  requirements:
-  - *id004
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
 requirements: []
 rubyforge_project: devise_challenge_questionable
-rubygems_version: 2.0.15
+rubygems_version: 2.7.8
 signing_key:
 specification_version: 4
 summary: Challenge question plugin for devise
 test_files: []