RubyGems - devise_security_extension - Versions diffs - 0.6.1 → 0.6.2 - Mend

devise_security_extension 0.6.1 → 0.6.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

data/VERSION +1 -1
data/devise_security_extension.gemspec +2 -2
data/lib/devise_security_extension/models/old_password.rb +1 -1
data/lib/devise_security_extension/models/password_archivable.rb +17 -7
metadata +3 -3

data/VERSION CHANGED Viewed

	@@ -1 +1 @@
1	- 0.6.1
1	+ 0.6.2

data/devise_security_extension.gemspec CHANGED Viewed

@@ -5,11 +5,11 @@
 Gem::Specification.new do |s|
   s.name = "devise_security_extension"
-  s.version = "0.6.1"
+  s.version = "0.6.2"
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Marco Scholl", "Alexander Dreher"]
-  s.date = "2012-06-06"
+  s.date = "2012-06-12"
   s.description = "An enterprise security extension for devise, trying to meet industrial standard security demands for web applications."
   s.email = "team@phatworx.de"
   s.extra_rdoc_files = [

data/lib/devise_security_extension/models/old_password.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 class OldPassword < ActiveRecord::Base
   belongs_to :password_archivable, :polymorphic => true
-  attr_accessible :encrypted_password
+  attr_accessible :encrypted_password, :password_salt
 end

data/lib/devise_security_extension/models/password_archivable.rb CHANGED Viewed

@@ -26,7 +26,9 @@ module Devise
         end
         if self.class.deny_old_passwords > 0 and not self.password.nil?
-          self.old_passwords.reverse_order(:id).limit(self.class.deny_old_passwords).each do |old_password|
+          old_passwords_including_cur_change = self.old_passwords.order(:id).reverse_order.limit(self.class.deny_old_passwords)
+          old_passwords_including_cur_change << OldPassword.new(old_password_params)  # include most recent change in list, but don't save it yet!
+          old_passwords_including_cur_change.each do |old_password|
             dummy                    = self.class.new
             dummy.encrypted_password = old_password.encrypted_password
             dummy.password_salt      = old_password.password_salt if dummy.respond_to?(:password_salt)
@@ -36,6 +38,11 @@ module Devise
         false
       end
+      def password_changed_to_same?
+        pass_change = encrypted_password_change
+        pass_change && pass_change.first == pass_change.last
+      end
       private
@@ -43,17 +50,20 @@ module Devise
       def archive_password
         if self.encrypted_password_changed?
           if self.class.password_archiving_count.to_i > 0
-            if self.respond_to?(:password_salt_change) and not self.password_salt_change.nil?
-              self.old_passwords.create! :encrypted_password => self.encrypted_password_change.first, :password_salt => self.password_salt_change.first
-            else
-              self.old_passwords.create! :encrypted_password => self.encrypted_password_change.first
-            end
-            self.old_passwords.reverse_order(:id).offset(self.class.password_archiving_count).destroy_all
+            self.old_passwords.create! old_password_params
+            self.old_passwords.order(:id).reverse_order.offset(self.class.password_archiving_count).destroy_all
           else
             self.old_passwords.destroy_all
           end
         end
       end
+      def old_password_params
+        salt_change = if self.respond_to?(:password_salt_change) and not self.password_salt_change.nil?
+          self.password_salt_change.first
+        end
+        { :encrypted_password => self.encrypted_password_change.first, :password_salt => salt_change }
+      end
       module ClassMethods
         ::Devise::Models.config(self, :password_archiving_count, :deny_old_passwords)

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: devise_security_extension
 version: !ruby/object:Gem::Version
-  version: 0.6.1
+  version: 0.6.2
   prerelease:
 platform: ruby
 authors:
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2012-06-06 00:00:00.000000000 Z
+date: 2012-06-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -168,7 +168,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -3249260859492066288
+      hash: 3787897429771212555
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements: