devise_challenge_questionable 3.1.0 → 3.2.0

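--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 9c66218a2dcc77bf6f08cc0163089edcb973cabb
- data.tar.gz: a72c15d642a96944fdf3399b71b2846157c8833e
+ metadata.gz: 7ff4ca563966f0dc96e03aa8496ed3d51cb9e2f1
+ data.tar.gz: 2fd2e736e2949aa0625d3c037c3d125fecdaf7b2
  SHA512:
- metadata.gz: 9d5c83dcf8e6dfabbef74cb93cd6528b0b52e7b16eb862e1ec8ec0003db7699126738d8b425f68ddf43b4610befd56dadb5607f4fb30f05dc6e89d5abfee3dc4
- data.tar.gz: d6572b42b3facf20020fb980ad3a8845bae1b03f00883c1b873707ab1b88eeb4109c897cd52cce406eafb1f8cc39f8734ea9a5dd6937fb6c70f52372ac01d602
+ metadata.gz: ab575c53d3f7179bbda6c7625ef9de475eeb4e34642d64786fd7d874325e8252039abaa730464b90c05321b105634a0023193f3126594352506e7b154f2af20f
+ data.tar.gz: c2ab8896bb2ee2e436ca134081678296b964ca3e693d84bac55e63bff2b24424292aea2b020ede4b213ee77c2d9b407755e3caf8c8fc30196e0158f08a38837e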
data/README.md CHANGED
@@ -26,9 +26,9 @@ Once that's done, run:
26
26
  In order to add challenge questions to a model, run the command:
27
27
 
28
28
  bundle exec rails g devise_challenge_questionable MODEL
29
-
29
+
30
30
  bundle exec rails g devise_challenge_questionable:install
31
-
31
+
32
32
  bundle exec rails g devise_challenge_questionable:views users
33
33
 
34
34
  Where MODEL is your model name (e.g. User or Admin). This generator will add `:challenge_questionable` to your model
@@ -45,9 +45,9 @@ To manually enable challenge questions for the User model, you should add the fo
45
45
  ```ruby
46
46
  has_many :user_challenge_questions, :validate => true, :inverse_of => :user
47
47
  accepts_nested_attributes_for :user_challenge_questions, :allow_destroy => true
48
-
48
+
49
49
  devise :challenge_questionable
50
-
50
+
51
51
  attr_accessible :user_challenge_questions_attributes
52
52
  ```
53
53
 
@@ -68,9 +68,13 @@ You also need to add the `user_challenge_question.rb` Model.
68
68
  before_save :digest_challenge_answer
69
69
 
70
70
  def digest_challenge_answer
71
- write_attribute(:challenge_answer, Digest::MD5.hexdigest(self.challenge_answer.downcase)) unless self.challenge_answer.nil?
71
+ if ENV['PASSWORD_PEPPER']
72
+ write_attribute(:challenge_answer, ::BCrypt::Password.create(self.challenge_answer.downcase + ENV['PASSWORD_PEPPER'], :cost => Devise.stretches)) unless self.challenge_answer.nil?
73
+ else
74
+ write_attribute(:challenge_answer, ::BCrypt::Password.create(self.challenge_answer.downcase, :cost => Devise.stretches)) unless self.challenge_answer.nil?
75
+ end
72
76
  end
73
-
77
+
74
78
  private
75
79
  def challenge_question_uniqueness
76
80
  if self.challenge_question.present? && self.user.user_challenge_questions.select{|q| q.challenge_question == self.challenge_question}.count > 1
@@ -83,7 +87,7 @@ You also need to add the `user_challenge_question.rb` Model.
83
87
  errors.add(:challenge_answer, 'can only be used once')
84
88
  end
85
89
  end
86
-
90
+
87
91
  def challenge_answer_repeating
88
92
  if self.challenge_answer.present? && self.challenge_answer =~ /(.)\1{2,}/
89
93
  errors.add(:challenge_answer, 'can not have more then two repeating characters in a row')
@@ -132,7 +136,7 @@ By default challenge questions are enabled for each user, you can change it with
132
136
  def login_challenge_questions?(request)
133
137
  request.ip != '127.0.0.1'
134
138
  end
135
-
139
+
136
140
  def set_challenge_questions?(request)
137
141
  request.ip != '127.0.0.1'
138
142
  end
@@ -95,7 +95,14 @@ class Devise::ChallengeQuestionsController < DeviseController
95
95
  end
96
96
 
97
97
  def challenge_questions_authenticated?
98
- @challenge_questions.all?{|question| Digest::MD5.hexdigest(question[:challenge_answer].try(:downcase).to_s).eql?(question[:answer])}
98
+ @challenge_questions.all? do |question|
99
+ @user_hash = ::BCrypt::Password.new(question[:answer])
100
+ if ENV['PASSWORD_PEPPER']
101
+ @user_hash.is_password?(question[:challenge_answer].try(:downcase) + ENV['PASSWORD_PEPPER'])
102
+ else
103
+ @user_hash.is_password?(question[:challenge_answer].try(:downcase))
104
+ end
105
+ end
99
106
  end
100
107
 
101
108
  def build_challenge_questions
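Review bot: A request that omits an answer now raises instead of failing the check, because in the pepper branch `question[:challenge_answer].try(:downcase) + ENV['PASSWORD_PEPPER']` calls `+` on nil where the removed line coerced with `.to_s`. `::BCrypt::Password.new(question[:answer])` also raises `BCrypt::Errors::InvalidHash` when the stored value is not a bcrypt string, which presumably includes every answer saved as an MD5 digest by 3.1.0. Nothing visible here migrates or resets those rows, so the upgrade needs a documented re-enrolment path and the check should fail closed rather than surface an error page. `@user_hash` is only used inside the block and reads better as a local. The rewrite below keeps the same pepper behaviour, since an unset pepper appends an empty string.

```ruby
def challenge_questions_authenticated?
  pepper = ENV['PASSWORD_PEPPER'].to_s
  @challenge_questions.all? do |question|
    candidate = question[:challenge_answer].to_s.downcase + pepper
    begin
      ::BCrypt::Password.new(question[:answer].to_s).is_password?(candidate)
    rescue ::BCrypt::Errors::InvalidHash
      # Stored value is not a bcrypt hash (e.g. a digest written before this release): fail closed.
      false
    end
  end
end
```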
@@ -1,3 +1,3 @@
1
1
  module DeviseChallengeQuestionable
2
- VERSION = "3.1.0"
2
+ VERSION = "3.2.0"
3
3
  end
@@ -1,14 +1,18 @@
1
1
  class <%= class_name %>ChallengeQuestion < ActiveRecord::Base
2
-
2
+
3
3
  belongs_to :<%= class_name.underscore %>
4
-
4
+
5
5
  validates :challenge_question, :uniqueness => {:scope => :<%= class_name.underscore %>_id}
6
6
  validates :challenge_answer, :presence => true
7
-
7
+
8
8
  before_save :digest_challenge_answer
9
-
9
+
10
10
  def digest_challenge_answer
11
- write_attribute(:challenge_answer, Digest::MD5.hexdigest(self.challenge_answer)) unless self.challenge_answer.nil?
11
+ if ENV['PASSWORD_PEPPER']
12
+ write_attribute(:challenge_answer, ::BCrypt::Password.create(self.challenge_answer.downcase + ENV['PASSWORD_PEPPER'], :cost => Devise.stretches)) unless self.challenge_answer.nil?
13
+ else
14
+ write_attribute(:challenge_answer, ::BCrypt::Password.create(self.challenge_answer.downcase, :cost => Devise.stretches)) unless self.challenge_answer.nil?
15
+ end
12
16
  end
13
-
14
- end
17
+
18
+ end
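Review bot: `before_save :digest_challenge_answer` still runs on every save, so the new bcrypt branch hashes an already-hashed `challenge_answer` again whenever a record is saved with only another attribute changed, and the stored value then no longer verifies; guarding it as `before_save :digest_challenge_answer, :if => :challenge_answer_changed?` avoids that. The two branches differ only in the appended pepper and can collapse to `secret = self.challenge_answer.downcase + ENV['PASSWORD_PEPPER'].to_s`. bcrypt only uses the first 72 bytes of its input, so with the pepper appended last a very long answer leaves the pepper out of the hash; a comment or a length validation on `challenge_answer` should say so. The README example for `user_challenge_question.rb` carries the same method and needs the same changes.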
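--- a/metadata
+++ b/metadata
@@ -1,55 +1,55 @@
  --- !ruby/object:Gem::Specification
  name: devise_challenge_questionable
  version: !ruby/object:Gem::Version
- version: 3.1.0
+ version: 3.2.0
  platform: ruby
  authors:
  - Andrew Kennedy
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2017-03-23 00:00:00.000000000 Z
+ date: 2017-03-27 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rails
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: 4.0.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: 4.0.0
  - !ruby/object:Gem::Dependency
  name: devise
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: 4.0.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: 4.0.0
  - !ruby/object:Gem::Dependency
  name: bundler
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  description: |2
@@ -62,7 +62,7 @@ executables: []
  extensions: []
  extra_rdoc_files: []
  files:
- - .gitignore
+ - ".gitignore"
  - Gemfile
  - README.md
  - Rakefile
@@ -99,17 +99,17 @@ require_paths:
  - lib
  required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
  rubyforge_project: devise_challenge_questionable
- rubygems_version: 2.0.14.1
+ rubygems_version: 2.6.10
  signing_key:
  specification_version: 4
  summary: Challenge question plugin for devise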