RubyGems - devise_challenge_questionable - Versions diffs - 2.0.0 → 3.3.2 - Mend

devise_challenge_questionable 2.0.0 → 3.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

checksums.yaml +7 -7
data/.gitignore +1 -0
data/README.md +12 -8
data/app/controllers/devise/challenge_questions_controller.rb +39 -32
data/app/views/devise/challenge_questions/edit.html.erb +7 -22
data/devise_challenge_questionable.gemspec +3 -3
data/lib/devise_challenge_questionable/controllers/helpers.rb +2 -2
data/lib/devise_challenge_questionable/mailer.rb +2 -2
data/lib/devise_challenge_questionable/model.rb +16 -13
data/lib/devise_challenge_questionable/version.rb +1 -1
data/lib/generators/devise_challenge_questionable/templates/challenge_question_model.rb +11 -7
metadata +59 -50

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
----
-SHA512:
-  data.tar.gz: 8695e654d2bb19c2cc3898c7c37ef3a1b50f4581b8d6984abffe64df691289de2ddbfbaf03454e21a371872c7226ca73fb336077b458bd4cf2d2f3e6bb9fe981
-  metadata.gz: 6ac2620ad0657c87ae83e8e5c48cc13fd10064ddcdf93048aedbfd47137709f072008d501024c78172a78e01e6a47859d924824cb276b04e10fbb3af18b6d1f1
-SHA1:
-  data.tar.gz: 3c16a6153e9482d879cc84b9c48fd6bd4e28bcd3
-  metadata.gz: fdae3b18830c50d05005ebcd56efd230d81f12fb
+---
+SHA256:
+  metadata.gz: a77778f0523bd02065afa11b69367b3430cbb92a5359b8b8817d2723efabba4e
+  data.tar.gz: 6e91e372d2199dffaed5ade3eddf2d0a3e43eae70f0ba1ffe807915cafc217cb
+SHA512:
+  metadata.gz: 24febe5a3b8ae5ff545e5f9a9498f3e0d6bad1e93e1176877e9436c5bc4326d37435c54296f31bf8f820a04fef3b306b8d23ef80d45caa37cda77548b4786542
+  data.tar.gz: 3ac583e0d4c08d5f3ab00f973a88a7b801649201444a386ae496d2b68c39ecb4dff32c526f23f2ba1b375e563bd5048816a5656537a42cb13821421b943b4876

data/.gitignore CHANGED

@@ -18,3 +18,4 @@ patches-*
 capybara-*.html
 dump.rdb
 *.ids
+.idea/

data/README.md CHANGED

@@ -26,9 +26,9 @@ Once that's done, run:
 In order to add challenge questions to a model, run the command:
     bundle exec rails g devise_challenge_questionable MODEL
     bundle exec rails g devise_challenge_questionable:install
     bundle exec rails g devise_challenge_questionable:views users
 Where MODEL is your model name (e.g. User or Admin). This generator will add `:challenge_questionable` to your model
@@ -45,9 +45,9 @@ To manually enable challenge questions for the User model, you should add the fo
 ```ruby
   has_many :user_challenge_questions, :validate => true, :inverse_of => :user
   accepts_nested_attributes_for :user_challenge_questions, :allow_destroy => true
   devise :challenge_questionable
   attr_accessible :user_challenge_questions_attributes
 ```
@@ -68,9 +68,13 @@ You also need to add the `user_challenge_question.rb` Model.
     before_save :digest_challenge_answer
     def digest_challenge_answer
-      write_attribute(:challenge_answer, Digest::MD5.hexdigest(self.challenge_answer.downcase)) unless self.challenge_answer.nil?
+      if ENV['PASSWORD_PEPPER']
+        write_attribute(:challenge_answer, ::BCrypt::Password.create(self.challenge_answer.downcase + ENV['PASSWORD_PEPPER'], :cost => Devise.stretches)) unless self.challenge_answer.nil?
+      else
+        write_attribute(:challenge_answer, ::BCrypt::Password.create(self.challenge_answer.downcase, :cost => Devise.stretches)) unless self.challenge_answer.nil?
+      end
     end
     private
     def challenge_question_uniqueness
       if self.challenge_question.present? && self.user.user_challenge_questions.select{|q| q.challenge_question == self.challenge_question}.count > 1
@@ -83,7 +87,7 @@ You also need to add the `user_challenge_question.rb` Model.
         errors.add(:challenge_answer, 'can only be used once')
       end
     end
     def challenge_answer_repeating
       if self.challenge_answer.present? && self.challenge_answer =~ /(.)\1{2,}/
         errors.add(:challenge_answer, 'can not have more then two repeating characters in a row')
@@ -132,7 +136,7 @@ By default challenge questions are enabled for each user, you can change it with
   def login_challenge_questions?(request)
     request.ip != '127.0.0.1'
   end
   def set_challenge_questions?(request)
     request.ip != '127.0.0.1'
   end

data/app/controllers/devise/challenge_questions_controller.rb CHANGED

@@ -1,43 +1,43 @@
 class Devise::ChallengeQuestionsController < DeviseController
-  prepend_before_filter :require_no_authentication, :only => [ :new, :create, :edit, :update, :max_challenge_question_attempts_reached ]
-  prepend_before_filter :authenticate_scope!, :only => [:show, :authenticate, :manage, :forgot]
-  before_filter :prepare_and_validate, :handle_challenge_questions, :only => [:show, :authenticate]
+  prepend_before_action :require_no_authentication, :only => [ :new, :create, :edit, :update, :max_challenge_question_attempts_reached ]
+  prepend_before_action :authenticate_scope!, :only => [:show, :authenticate, :manage, :forgot]
+  before_action :prepare_and_validate, :handle_challenge_questions, :only => [:show, :authenticate]
   # GET /resource/challenge_question/new
   def new
-    build_resource
-    render_with_scope :new
+    self.resource = resource_class.new
+    render :new
   end
   # POST /resource/challenge_question
   def create
     self.resource = resource_class.send_reset_challenge_questions_instructions(params[resource_name])
     if resource.errors.empty?
       set_flash_message :notice, :send_instructions
-      redirect_to new_session_path(resource_name)
+      redirect_to home_path
     else
-      render_with_scope :new
+      render :new
     end
   end
   # GET /resource/challenge_question/edit?reset_challenge_questions_token=abcdef
   def edit
     self.resource = resource_class.new
     resource.reset_challenge_questions_token = params[:reset_challenge_questions_token]
     Devise.number_of_challenge_questions_stored.times { resource.send("#{resource_name}_challenge_questions").build }
-    render_with_scope :edit
+    render :edit
   end
   # PUT /resource/challenge_question
   def update
     self.resource = resource_class.reset_challenge_questions_by_token(params[resource_name])
     if resource.errors.empty?
       set_flash_message :notice, :updated_challenge_questions
-      redirect_to :root
+      sign_in_and_redirect(resource)
     else
-      render_with_scope :edit
+      render :edit
     end
   end
@@ -45,11 +45,11 @@ class Devise::ChallengeQuestionsController < DeviseController
   def show
     @challenge_questions = resource.send("#{resource_name}_challenge_questions").sample(params[:limit].try(:to_i) || Devise.number_of_challenge_questions_asked)
     respond_to do |format|
-      format.html { render_with_scope :show }
+      format.html { render :show }
       format.json { render :json => @challenge_questions.as_json(:only => [:id, :challenge_question]) }
     end
   end
   def authenticate
     build_challenge_questions
     if @challenge_questions.present? && challenge_questions_authenticated?
@@ -61,21 +61,21 @@ class Devise::ChallengeQuestionsController < DeviseController
       else
         failed_attempts
       end
-    end
+    end
   end
   # Build token and redirect
   def manage
     resource.set_reset_challenge_questions_token
     sign_out(resource)
-    redirect_to edit_challenge_question_path(resource, :reset_challenge_questions_token => resource.reset_challenge_questions_token)
+    redirect_to edit_user_challenge_question_path(resource, :reset_challenge_questions_token => resource.reset_challenge_questions_token)
   end
   def forgot
     sign_out(resource)
-    redirect_to new_challenge_question_path(resource_name)
+    redirect_to new_user_challenge_question_path(resource_name)
   end
   def max_challenge_question_attempts_reached
   end
@@ -90,21 +90,28 @@ class Devise::ChallengeQuestionsController < DeviseController
       @limit = resource.class.max_challenge_question_attempts
       if resource.max_challenge_question_attempts?
         sign_out(resource)
-        render_with_scope :max_challenge_question_attempts_reached and return
+        render :max_challenge_question_attempts_reached and return
       end
     end
     def challenge_questions_authenticated?
-      @challenge_questions.all?{|question| Digest::MD5.hexdigest(question[:challenge_answer].try(:downcase).to_s).eql?(question[:answer])}
+      @challenge_questions.all? do |question|
+        @user_hash = ::BCrypt::Password.new(question[:answer])
+        if ENV['PASSWORD_PEPPER']
+          @user_hash.is_password?(question[:challenge_answer].try(:downcase) + ENV['PASSWORD_PEPPER'])
+        else
+          @user_hash.is_password?(question[:challenge_answer].try(:downcase))
+        end
+      end
     end
     def build_challenge_questions
       respond_to do |format|
         format.html { @challenge_questions = (params[:challenge_questions] || []).map{|cq, params| params.merge(:answer => resource.send("#{resource_name}_challenge_questions").find(params[:id]).challenge_answer)} }
         format.json { @challenge_questions = (params[:challenge_questions] || []).map{|cq| cq.merge(:answer => resource.send("#{resource_name}_challenge_questions").find(cq[:id]).challenge_answer)} }
       end
     end
     def challenge_questions_authenticated
       respond_to do |format|
         format.html do
@@ -115,25 +122,25 @@ class Devise::ChallengeQuestionsController < DeviseController
       end
       resource.update_attribute(:challenge_question_failed_attempts, 0)
     end
     def set_failed_attempt
       resource.challenge_question_failed_attempts += 1
       resource.save
     end
     def max_failed_attempts
       resource.max_challenge_question_lock_account
       sign_out(resource)
       respond_to do |format|
-        format.html { render_with_scope :max_challenge_question_attempts_reached and return }
+        format.html { render :max_challenge_question_attempts_reached and return }
         format.json { render :json => {:max_attempts_reached => true, :errors => I18n.t(:"#{resource_name}.#{:max_attempts_reached}", :resource_name => resource_name, :scope => [:devise, controller_name.to_sym], :default => :attempt_failed)} }
       end
     end
     def failed_attempts
       respond_to do |format|
         format.html { redirect_to send("#{resource_name}_challenge_question_path" ) }
         format.json { render :json => {:errors => I18n.t(:"#{resource_name}.#{:attempt_failed}", :resource_name => resource_name, :scope => [:devise, controller_name.to_sym], :default => :attempt_failed)} }
       end
     end
-end
+end

data/app/views/devise/challenge_questions/edit.html.erb CHANGED

@@ -7,7 +7,7 @@
     <%= devise_error_messages! %>
     <%= f.hidden_field :id %>
     <%= f.hidden_field :reset_challenge_questions_token %>
     <%= f.fields_for :"#{resource_name}_challenge_questions", resource.send("#{resource_name}_challenge_questions") do |cq| %>
       <% if cq.object.new_record? %>
         <p>
@@ -40,25 +40,10 @@
 <script type="text/javascript" language="javascript">
   if (window.jQuery) {
-    jQuery(document).ready(function() {
-      $("select").change(function () {
-        var $this = $(this);
-        var prevVal = $this.data("prev");
-        var otherSelects = $("select").not(this);
-        otherSelects.find('option:contains('+ $(this).val() +')').attr('disabled', 'disabled');
-        if (prevVal) {
-            otherSelects.find('option:contains('+ prevVal +')').removeAttr('disabled');
-        }
-        $this.data("prev", $this.val());
-      });
-      $("select").each(function () {
-        var $this = $(this);
-        var prevVal = $this.data("prev");
-        var otherSelects = $("select").not(this);
-        otherSelects.find('option:contains('+ $(this).val() +')').attr('disabled', 'disabled');
-        $this.data("prev", $this.val());
-      });
-    });
+    $('select').on('change', function(e) {
+      var $this = $(this);
+      var otherSelects = $("select").not(this);
+      otherSelects.find('option:contains('+ $(this).val() +')').attr('disabled','disabled')
+    })
   }
-</script>
+</script>

data/devise_challenge_questionable.gemspec CHANGED

@@ -12,7 +12,7 @@ Gem::Specification.new do |s|
   s.description = <<-EOF
     ### Features ###
     * configure max challenge question attempts
-    * per user level control if he really need challenge questions
+    * per user level control if they really need challenge questions
   EOF
   s.rubyforge_project = "devise_challenge_questionable"
@@ -22,8 +22,8 @@ Gem::Specification.new do |s|
   s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
   s.require_paths = ["lib"]
-  s.add_runtime_dependency 'rails', '>= 3.0.20'
-  s.add_runtime_dependency 'devise', '>= 2.0.0.rc'
+  s.add_runtime_dependency 'rails', '>= 5.0.0'
+  s.add_runtime_dependency 'devise', '>= 4.0.0'
   s.add_development_dependency 'bundler'
 end

data/lib/devise_challenge_questionable/controllers/helpers.rb CHANGED

@@ -4,7 +4,7 @@ module DeviseChallengeQuestionable
       extend ActiveSupport::Concern
       included do
-        before_filter :handle_challenge_questions
+        before_action :handle_challenge_questions
       end
       private
@@ -51,4 +51,4 @@ module DeviseChallengeQuestionable
     end
   end
-end
+end

data/lib/devise_challenge_questionable/mailer.rb CHANGED

@@ -2,7 +2,7 @@ module DeviseChallengeQuestionable
   module Mailer
     # Deliver reset challenge question instructions when is requested
     def reset_challenge_questions_instructions(record)
-      setup_mail(record, :reset_challenge_questions_instructions)
+      devise_mail(record, :reset_challenge_questions_instructions)
     end
   end
-end
+end

data/lib/devise_challenge_questionable/model.rb CHANGED

@@ -3,12 +3,12 @@ module Devise
   module Models
     module ChallengeQuestionable
       extend ActiveSupport::Concern
       # Update challenge questions saving the record and clearing token. Returns true if
       # the challenge questions are valid and the record was saved, false otherwise.
       def reset_challenge_questions!(attributes)
         self.send("#{self.class.name.underscore}_challenge_questions").destroy_all
-        self.attributes = {"#{self.class.name.underscore}_challenge_questions_attributes" => attributes["#{self.class.name.underscore}_challenge_questions_attributes"]}
+        self.attributes = {"#{self.class.name.underscore}_challenge_questions_attributes" => attributes["#{self.class.name.underscore}_challenge_questions_attributes"]}
         clear_reset_challenge_questions_token if self.valid?
         self.save
       end
@@ -16,11 +16,11 @@ module Devise
       def login_challenge_questions?(request)
         true
       end
       def set_challenge_questions?(request)
         true
       end
       def max_challenge_question_lock_account
         self.lock_access! if self.class.lock_strategy_enabled?(:failed_attempts)
       end
@@ -28,18 +28,18 @@ module Devise
       def max_challenge_question_attempts?
         challenge_question_failed_attempts >= self.class.max_challenge_question_attempts
       end
       # Resets reset challenge question token and send reset challenge question instructions by email
       def send_reset_challenge_questions_instructions
         generate_reset_challenge_questions_token!
         ::Devise.mailer.reset_challenge_questions_instructions(self).deliver
       end
       # Generates a new random token for reset challenge_question
       def set_reset_challenge_questions_token
         generate_reset_challenge_questions_token!
       end
       def unlock_access_including_challenge_questions!
         if_access_locked do
           self.locked_at = nil
@@ -49,7 +49,7 @@ module Devise
           save(:validate => false)
         end
       end
       protected
         # Generates a new random token for reset challenge_question
@@ -67,14 +67,14 @@ module Devise
         def clear_reset_challenge_questions_token
           self.reset_challenge_questions_token = nil
         end
         def clear_challenge_question_failed_attempts
           self.challenge_question_failed_attempts = 0
         end
       module ClassMethods
         ::Devise::Models.config(self, :max_challenge_question_attempts)
         # Attempt to find a user by it's email. If a record is found, send new
         # challenge_question instructions to it. If not user is found, returns a new user
         # with an email not found error.
@@ -87,7 +87,10 @@ module Devise
         # Generate a token checking if one does not already exist in the database.
         def reset_challenge_questions_token
-          generate_token(:reset_challenge_questions_token)
+          loop do
+            token = Devise.friendly_token
+            break token unless User.find_by(:reset_challenge_questions_token => token)
+          end
         end
         # Attempt to find a user by it's reset_challenge_questions_token to reset it's
@@ -103,4 +106,4 @@ module Devise
       end
     end
   end
-end
+end

data/lib/devise_challenge_questionable/version.rb CHANGED

@@ -1,3 +1,3 @@
 module DeviseChallengeQuestionable
-  VERSION = "2.0.0"
+  VERSION = "3.3.2"
 end

data/lib/generators/devise_challenge_questionable/templates/challenge_question_model.rb CHANGED

@@ -1,14 +1,18 @@
 class <%= class_name %>ChallengeQuestion < ActiveRecord::Base
   belongs_to :<%= class_name.underscore %>
   validates :challenge_question, :uniqueness => {:scope => :<%= class_name.underscore %>_id}
   validates :challenge_answer, :presence => true
   before_save :digest_challenge_answer
   def digest_challenge_answer
-    write_attribute(:challenge_answer, Digest::MD5.hexdigest(self.challenge_answer)) unless self.challenge_answer.nil?
+    if ENV['PASSWORD_PEPPER']
+      write_attribute(:challenge_answer, ::BCrypt::Password.create(self.challenge_answer.downcase + ENV['PASSWORD_PEPPER'], :cost => Devise.stretches)) unless self.challenge_answer.nil?
+    else
+      write_attribute(:challenge_answer, ::BCrypt::Password.create(self.challenge_answer.downcase, :cost => Devise.stretches)) unless self.challenge_answer.nil?
+    end
   end
-end
+end

metadata CHANGED

@@ -1,58 +1,68 @@
---- !ruby/object:Gem::Specification
+--- !ruby/object:Gem::Specification
 name: devise_challenge_questionable
-version: !ruby/object:Gem::Version
-  version: 2.0.0
+version: !ruby/object:Gem::Version
+  version: 3.3.2
 platform: ruby
-authors:
+authors:
 - Andrew Kennedy
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-05-16 00:00:00 Z
-dependencies:
-- !ruby/object:Gem::Dependency
+date: 2020-05-27 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
   name: rails
-  prerelease: false
-  requirement: &id001 !ruby/object:Gem::Requirement
-    requirements:
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
     - - ">="
-      - !ruby/object:Gem::Version
-        version: 3.0.20
+      - !ruby/object:Gem::Version
+        version: 5.0.0
   type: :runtime
-  version_requirements: *id001
-- !ruby/object:Gem::Dependency
-  name: devise
   prerelease: false
-  requirement: &id002 !ruby/object:Gem::Requirement
-    requirements:
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
     - - ">="
-      - !ruby/object:Gem::Version
-        version: 2.0.0.rc
+      - !ruby/object:Gem::Version
+        version: 5.0.0
+- !ruby/object:Gem::Dependency
+  name: devise
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 4.0.0
   type: :runtime
-  version_requirements: *id002
-- !ruby/object:Gem::Dependency
-  name: bundler
   prerelease: false
-  requirement: &id003 !ruby/object:Gem::Requirement
-    requirements:
-    - &id004
-      - ">="
-      - !ruby/object:Gem::Version
-        version: "0"
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 4.0.0
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :development
-  version_requirements: *id003
-description: "    ### Features ###\n    * configure max challenge question attempts\n    * per user level control if he really need challenge questions\n"
-email:
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: |2
+      ### Features ###
+      * configure max challenge question attempts
+      * per user level control if they really need challenge questions
+email:
 - andrew@akennedy.io
 executables: []
 extensions: []
 extra_rdoc_files: []
-files:
-- .gitignore
+files:
+- ".gitignore"
 - Gemfile
 - README.md
 - Rakefile
@@ -82,26 +92,25 @@ files:
 - lib/generators/devise_challenge_questionable/views_generator.rb
 homepage: https://github.com/akennedy/devise_challenge_questionable
 licenses: []
 metadata: {}
 post_install_message:
 rdoc_options: []
-require_paths:
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement
-  requirements:
-  - *id004
-required_rubygems_version: !ruby/object:Gem::Requirement
-  requirements:
-  - *id004
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
 requirements: []
 rubyforge_project: devise_challenge_questionable
-rubygems_version: 2.0.15
+rubygems_version: 2.7.8
 signing_key:
 specification_version: 4
 summary: Challenge question plugin for devise
 test_files: []