RubyGems - devise_challenge_questionable - Versions diffs - 3.1.0 → 3.2.0 - Mend

devise_challenge_questionable 3.1.0 → 3.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +4 -4
data/README.md +12 -8
data/app/controllers/devise/challenge_questions_controller.rb +8 -1
data/lib/devise_challenge_questionable/version.rb +1 -1
data/lib/generators/devise_challenge_questionable/templates/challenge_question_model.rb +11 -7
metadata +12 -12

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 9c66218a2dcc77bf6f08cc0163089edcb973cabb
-  data.tar.gz: a72c15d642a96944fdf3399b71b2846157c8833e
+  metadata.gz: 7ff4ca563966f0dc96e03aa8496ed3d51cb9e2f1
+  data.tar.gz: 2fd2e736e2949aa0625d3c037c3d125fecdaf7b2
 SHA512:
-  metadata.gz: 9d5c83dcf8e6dfabbef74cb93cd6528b0b52e7b16eb862e1ec8ec0003db7699126738d8b425f68ddf43b4610befd56dadb5607f4fb30f05dc6e89d5abfee3dc4
-  data.tar.gz: d6572b42b3facf20020fb980ad3a8845bae1b03f00883c1b873707ab1b88eeb4109c897cd52cce406eafb1f8cc39f8734ea9a5dd6937fb6c70f52372ac01d602
+  metadata.gz: ab575c53d3f7179bbda6c7625ef9de475eeb4e34642d64786fd7d874325e8252039abaa730464b90c05321b105634a0023193f3126594352506e7b154f2af20f
+  data.tar.gz: c2ab8896bb2ee2e436ca134081678296b964ca3e693d84bac55e63bff2b24424292aea2b020ede4b213ee77c2d9b407755e3caf8c8fc30196e0158f08a38837e

data/README.md CHANGED Viewed

@@ -26,9 +26,9 @@ Once that's done, run:
 In order to add challenge questions to a model, run the command:
     bundle exec rails g devise_challenge_questionable MODEL
     bundle exec rails g devise_challenge_questionable:install
     bundle exec rails g devise_challenge_questionable:views users
 Where MODEL is your model name (e.g. User or Admin). This generator will add `:challenge_questionable` to your model
@@ -45,9 +45,9 @@ To manually enable challenge questions for the User model, you should add the fo
 ```ruby
   has_many :user_challenge_questions, :validate => true, :inverse_of => :user
   accepts_nested_attributes_for :user_challenge_questions, :allow_destroy => true
   devise :challenge_questionable
   attr_accessible :user_challenge_questions_attributes
 ```
@@ -68,9 +68,13 @@ You also need to add the `user_challenge_question.rb` Model.
     before_save :digest_challenge_answer
     def digest_challenge_answer
-      write_attribute(:challenge_answer, Digest::MD5.hexdigest(self.challenge_answer.downcase)) unless self.challenge_answer.nil?
+      if ENV['PASSWORD_PEPPER']
+        write_attribute(:challenge_answer, ::BCrypt::Password.create(self.challenge_answer.downcase + ENV['PASSWORD_PEPPER'], :cost => Devise.stretches)) unless self.challenge_answer.nil?
+      else
+        write_attribute(:challenge_answer, ::BCrypt::Password.create(self.challenge_answer.downcase, :cost => Devise.stretches)) unless self.challenge_answer.nil?
+      end
     end
     private
     def challenge_question_uniqueness
       if self.challenge_question.present? && self.user.user_challenge_questions.select{|q| q.challenge_question == self.challenge_question}.count > 1
@@ -83,7 +87,7 @@ You also need to add the `user_challenge_question.rb` Model.
         errors.add(:challenge_answer, 'can only be used once')
       end
     end
     def challenge_answer_repeating
       if self.challenge_answer.present? && self.challenge_answer =~ /(.)\1{2,}/
         errors.add(:challenge_answer, 'can not have more then two repeating characters in a row')
@@ -132,7 +136,7 @@ By default challenge questions are enabled for each user, you can change it with
   def login_challenge_questions?(request)
     request.ip != '127.0.0.1'
   end
   def set_challenge_questions?(request)
     request.ip != '127.0.0.1'
   end

data/app/controllers/devise/challenge_questions_controller.rb CHANGED Viewed

@@ -95,7 +95,14 @@ class Devise::ChallengeQuestionsController < DeviseController
     end
     def challenge_questions_authenticated?
-      @challenge_questions.all?{|question| Digest::MD5.hexdigest(question[:challenge_answer].try(:downcase).to_s).eql?(question[:answer])}
+      @challenge_questions.all? do |question|
+        @user_hash = ::BCrypt::Password.new(question[:answer])
+        if ENV['PASSWORD_PEPPER']
+          @user_hash.is_password?(question[:challenge_answer].try(:downcase) + ENV['PASSWORD_PEPPER'])
+        else
+          @user_hash.is_password?(question[:challenge_answer].try(:downcase))
+        end
+      end
     end
     def build_challenge_questions

data/lib/devise_challenge_questionable/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module DeviseChallengeQuestionable
-  VERSION = "3.1.0"
+  VERSION = "3.2.0"
 end

data/lib/generators/devise_challenge_questionable/templates/challenge_question_model.rb CHANGED Viewed

@@ -1,14 +1,18 @@
 class <%= class_name %>ChallengeQuestion < ActiveRecord::Base
   belongs_to :<%= class_name.underscore %>
   validates :challenge_question, :uniqueness => {:scope => :<%= class_name.underscore %>_id}
   validates :challenge_answer, :presence => true
   before_save :digest_challenge_answer
   def digest_challenge_answer
-    write_attribute(:challenge_answer, Digest::MD5.hexdigest(self.challenge_answer)) unless self.challenge_answer.nil?
+    if ENV['PASSWORD_PEPPER']
+      write_attribute(:challenge_answer, ::BCrypt::Password.create(self.challenge_answer.downcase + ENV['PASSWORD_PEPPER'], :cost => Devise.stretches)) unless self.challenge_answer.nil?
+    else
+      write_attribute(:challenge_answer, ::BCrypt::Password.create(self.challenge_answer.downcase, :cost => Devise.stretches)) unless self.challenge_answer.nil?
+    end
   end
-end
+end

metadata CHANGED Viewed

@@ -1,55 +1,55 @@
 --- !ruby/object:Gem::Specification
 name: devise_challenge_questionable
 version: !ruby/object:Gem::Version
-  version: 3.1.0
+  version: 3.2.0
 platform: ruby
 authors:
 - Andrew Kennedy
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-03-23 00:00:00.000000000 Z
+date: 2017-03-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 4.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 4.0.0
 - !ruby/object:Gem::Dependency
   name: devise
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 4.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 4.0.0
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 description: |2
@@ -62,7 +62,7 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
+- ".gitignore"
 - Gemfile
 - README.md
 - Rakefile
@@ -99,17 +99,17 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: devise_challenge_questionable
-rubygems_version: 2.0.14.1
+rubygems_version: 2.6.10
 signing_key:
 specification_version: 4
 summary: Challenge question plugin for devise