devise_password_history 0.1.1 → 0.1.2

data/.gitignore

@@ -0,0 +1,8 @@
+*.gem
+.DS_Store
+.bundle
+Gemfile.lock
+coverage/*
+doc/*
+log/*
+pkg/*

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in devise_password_history.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2014 Ryan Heath
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,53 @@
+# DevisePasswordHistory
+
+This extension provides password history support for Devise,
+which allows you to prevent users from re-using the same password
+they've used in the past (the actual limit is configurable).
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'devise_password_history'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install devise_password_history
+
+## Usage
+
+After installation, you need to "install" the extension into your
+app via the following command:
+
+    $ bundle exec rails g devise_password_history:install
+
+That generator will do three things:
+
+1. Modifies the `config/initializers/devise.rb` file with two new config options:
+    - `config.deny_old_passwords`: turns the validations on/off
+    - `config.password_history_count`: the threshold of how many passwords to store
+2. Creates an `OldPassword` polymorphic model in `app/models`
+3. Creates the migration for the `old_passwords` table
+
+So once you run the generator, you just need to:
+
+    $ bundle exec rake db:migrate
+
+Now the extension has been installed. To use it, you tell `devise` like with
+any of the other extensions:
+
+    class User < ActiveRecord::Base
+      devise :database_authenticatable, :password_history
+    end
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/devise_password_history.gemspec

@@ -0,0 +1,21 @@
+# -*- encoding: utf-8 -*-
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'devise_password_history/version'
+
+Gem::Specification.new do |gem|
+  gem.name          = "devise_password_history"
+  gem.version       = DevisePasswordHistory::VERSION
+  gem.authors       = ["Ryan Heath"]
+  gem.email         = ["ryan@rpheath.com"]
+  gem.description   = %q{Maintains password history and ensures old passwords aren't reused}
+  gem.summary       = %q{Password history support for devise}
+  gem.homepage      = ""
+
+  gem.add_dependency("devise", ["~> 2.2.0"])
+
+  gem.files         = `git ls-files`.split($/)
+  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  gem.test_files    = gem.files.grep(%r{^(test)/})
+  gem.require_paths = ["lib"]
+end

data/lib/devise_password_history/generators/install_generator.rb

@@ -0,0 +1,35 @@
+require "rails/generators"
+require "rails/generators/base"
+
+module DevisePasswordHistory
+  module Generators
+    class InstallGenerator < Rails::Generators::Base
+      include Rails::Generators::Migration
+
+      source_root File.expand_path("../templates", __FILE__)
+      
+      desc "Install the devise password history extension"
+
+      def self.next_migration_number(path)
+        Time.now.utc.strftime("%Y%m%d%H%M%S").to_i.to_s
+      end
+
+      def add_configs
+        inject_into_file "config/initializers/devise.rb", "\n  # ==> Password History\n" +
+          "  # How many old passwords to keep and validate against\n" +
+          "  config.password_history_count = 8\n\n" +
+          "  # Toggles behavior for Deny/Allow old passwords\n" +
+          "  config.deny_old_passwords = true\n\n" +        
+          "", :before => /end[\s|\n|]+\Z/
+      end
+
+      def copy_models
+        copy_file "models/old_password.rb", "app/models/old_password.rb"
+      end
+
+      def copy_migrations
+        migration_template "migrations/create_old_passwords.rb", "db/migrate/create_old_passwords.rb"
+      end
+    end
+  end
+end

data/lib/devise_password_history/generators/templates/migrations/create_old_passwords.rb

@@ -0,0 +1,15 @@
+class CreateOldPasswords < ActiveRecord::Migration
+  def self.up
+    create_table :old_passwords do |t|
+      t.string :encrypted_password, :null => false
+      t.string :password_salt
+      t.string :password_history_type, :null => false
+      t.integer :password_history_id, :null => false 
+      t.datetime :created_at
+    end
+  end
+
+  def self.down
+    drop_table :old_passwords
+  end
+end

data/lib/devise_password_history/generators/templates/models/old_password.rb

@@ -0,0 +1,3 @@
+class OldPassword < ActiveRecord::Base
+  belongs_to :password_history, :polymorphic => true
+end

data/lib/devise_password_history/models/password_history.rb

@@ -0,0 +1,87 @@
+require "active_support/concern"
+
+module Devise
+  module Models
+    module PasswordHistory
+      extend ActiveSupport::Concern
+
+      module ClassMethods
+        Devise::Models.config(self, :password_history_count, :deny_old_passwords)
+      end
+
+      included do
+        has_many :old_passwords, :as => :password_history, :dependent => :destroy
+        before_update :store_old_password
+        validate :validate_old_passwords
+      end
+
+      # validation applied here
+      def validate_old_passwords
+        if self.encrypted_password_changed? && self.old_password_being_used?
+          self.errors.add(:password, "has been used already (you can't use your last #{self.class.password_history_count} passwords)")
+        end
+      end
+
+      def old_password_being_used?
+        if active_password_history_support?
+          if self.password.present?
+            # we need to go through each of the old passwords
+            # and check to see if the new password would authenticate
+            # the user (via valid_password?); if so that indicates
+            # the password has been used in the past
+            self.old_passwords.each do |old_pw|
+              temp = self.class.new
+              temp.encrypted_password = old_pw.encrypted_password
+              temp.password_salt = old_pw.password_salt
+
+              # return true if this password "passes" (authenticates)
+              return true if temp.valid_password?(self.password)
+            end
+          end
+        end
+
+        # otherwise, we're safe to let this
+        # password go through
+        false
+      end
+
+    protected
+      # make sure this is turned on in the Devise config
+      def should_deny_old_passwords?
+        self.class.deny_old_passwords.is_a?(TrueClass)
+      end
+
+      # count needs to be above zero
+      def valid_password_history_count?
+        self.class.password_history_count > 0
+      end
+
+      # is this extension configured properly (active)?
+      def active_password_history_support?
+        self.should_deny_old_passwords? && self.valid_password_history_count?
+      end
+
+      # stores the old password in the database;
+      # removes passwords past the configured threshold
+      def store_old_password
+        # only do this if the password has been modified
+        if self.encrypted_password_changed?
+          if self.valid_password_history_count?
+            # record the old password
+            old_pw = self.old_passwords.new
+            old_pw.encrypted_password = self.encrypted_password_change.first
+            old_pw.password_salt = self.password_salt_change.first if self.password_salt_change.present?
+            old_pw.save!
+
+            # wipe out passwords beyond our desired count
+            expired_passwords = self.old_passwords.order(:id).reverse_order.offset(self.class.password_history_count)
+            expired_passwords.destroy_all if expired_passwords.present?
+          else
+            # if the count is zero, no password history
+            self.old_passwords.destroy_all
+          end
+        end
+      end
+    end
+  end
+end

data/lib/devise_password_history/version.rb

@@ -0,0 +1,3 @@
+module DevisePasswordHistory
+  VERSION = "0.1.2"
+end

data/lib/devise_password_history.rb

@@ -0,0 +1,22 @@
+require "active_support/concern"
+
+require "devise"
+require "devise_password_history/version"
+require "devise_password_history/generators/install_generator"
+
+# adds out config options to Devise
+# (see config/initializers/devise.rb)
+module Devise
+  # How many old passwords to save
+  mattr_accessor :password_history_count
+  @@password_history_count = 8
+
+  # Toggles the behavior of denying/allowing old passwords
+  mattr_accessor :deny_old_passwords
+  @@deny_old_passwords = true
+end
+
+module DevisePasswordHistory; end
+
+# makes this module available to the `devise` command
+Devise.add_module :password_history, :model => "devise_password_history/models/password_history"

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: devise_password_history
 version: !ruby/object:Gem::Version 
-  hash: 25
+  hash: 31
   prerelease: 
   segments: 
   - 0
   - 1
-  - 1
-  version: 0.1.1
+  - 2
+  version: 0.1.2
 platform: ruby
 authors: 
 - Ryan Heath
@@ -43,8 +43,19 @@ extensions: []
 
 extra_rdoc_files: []
 
-files: []
-
+files: 
+- .gitignore
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- devise_password_history.gemspec
+- lib/devise_password_history.rb
+- lib/devise_password_history/generators/install_generator.rb
+- lib/devise_password_history/generators/templates/migrations/create_old_passwords.rb
+- lib/devise_password_history/generators/templates/models/old_password.rb
+- lib/devise_password_history/models/password_history.rb
+- lib/devise_password_history/version.rb
 has_rdoc: true
 homepage: ""
 licenses: []