RubyGems - devise_security_extension - Versions diffs - 0.7.2 → 0.10.0 - Mend

devise_security_extension 0.7.2 → 0.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (68) hide show

checksums.yaml +7 -0
data/.gitignore +39 -0
data/.rubocop.yml +38 -0
data/Gemfile +2 -15
data/Gemfile.lock +157 -112
data/README.md +264 -0
data/Rakefile +13 -29
data/app/controllers/devise/paranoid_verification_code_controller.rb +42 -0
data/app/controllers/devise/password_expired_controller.rb +20 -7
data/app/views/devise/paranoid_verification_code/show.html.erb +10 -0
data/config/locales/de.yml +3 -0
data/config/locales/en.yml +7 -4
data/config/locales/it.yml +10 -0
data/devise_security_extension.gemspec +24 -88
data/lib/devise_security_extension/controllers/helpers.rb +40 -7
data/lib/devise_security_extension/hooks/paranoid_verification.rb +5 -0
data/lib/devise_security_extension/hooks/password_expirable.rb +1 -1
data/lib/devise_security_extension/hooks/session_limitable.rb +3 -2
data/lib/devise_security_extension/models/database_authenticatable_patch.rb +26 -0
data/lib/devise_security_extension/models/expirable.rb +1 -2
data/lib/devise_security_extension/models/old_password.rb +1 -2
data/lib/devise_security_extension/models/paranoid_verification.rb +35 -0
data/lib/devise_security_extension/models/password_archivable.rb +11 -11
data/lib/devise_security_extension/models/password_expirable.rb +9 -5
data/lib/devise_security_extension/models/secure_validatable.rb +35 -9
data/lib/devise_security_extension/models/security_questionable.rb +4 -1
data/lib/devise_security_extension/patches/confirmations_controller_captcha.rb +3 -1
data/lib/devise_security_extension/patches/confirmations_controller_security_question.rb +3 -1
data/lib/devise_security_extension/patches/passwords_controller_captcha.rb +3 -1
data/lib/devise_security_extension/patches/passwords_controller_security_question.rb +3 -1
data/lib/devise_security_extension/patches/registrations_controller_captcha.rb +11 -8
data/lib/devise_security_extension/patches/sessions_controller_captcha.rb +8 -5
data/lib/devise_security_extension/patches/unlocks_controller_captcha.rb +3 -1
data/lib/devise_security_extension/patches/unlocks_controller_security_question.rb +3 -1
data/lib/devise_security_extension/routes.rb +4 -0
data/lib/devise_security_extension/version.rb +3 -0
data/lib/devise_security_extension.rb +20 -10
data/lib/generators/devise_security_extension/install_generator.rb +16 -33
data/lib/generators/templates/devise_security_extension.rb +38 -0
data/test/dummy/Rakefile +6 -0
data/test/dummy/app/controllers/application_controller.rb +2 -0
data/test/dummy/app/controllers/foos_controller.rb +0 -0
data/test/dummy/app/models/.gitkeep +0 -0
data/test/dummy/app/models/user.rb +4 -0
data/test/dummy/app/views/foos/index.html.erb +0 -0
data/test/dummy/config/application.rb +24 -0
data/test/dummy/config/boot.rb +6 -0
data/test/dummy/config/database.yml +7 -0
data/test/dummy/config/environment.rb +5 -0
data/test/dummy/config/environments/test.rb +21 -0
data/test/dummy/config/initializers/devise.rb +9 -0
data/test/dummy/config/routes.rb +6 -0
data/test/dummy/config/secrets.yml +3 -0
data/test/dummy/config.ru +4 -0
data/test/dummy/db/migrate/20120508165529_create_tables.rb +26 -0
data/test/dummy/db/migrate/20150402165590_add_verification_columns.rb +11 -0
data/test/dummy/db/migrate/20150407162345_add_verification_attempt_column.rb +9 -0
data/test/test_helper.rb +10 -0
data/test/test_install_generator.rb +16 -0
data/test/test_paranoid_verification.rb +124 -0
data/test/test_password_archivable.rb +61 -0
data/test/test_password_expired_controller.rb +24 -0
metadata +142 -62
data/README.rdoc +0 -193
data/VERSION +0 -1
data/lib/devise_security_extension/models/security_question.rb +0 -3
data/test/helper.rb +0 -17
data/test/test_devise_security_extension.rb +0 -7

data/Rakefile CHANGED Viewed

@@ -1,39 +1,23 @@
+$:.unshift File.join(File.dirname(__FILE__), 'lib')
 require 'rubygems'
 require 'bundler'
-begin
-  Bundler.setup(:default, :development)
-rescue Bundler::BundlerError => e
-  $stderr.puts e.message
-  $stderr.puts "Run `bundle install` to install missing gems"
-  exit e.status_code
-end
-require 'rake'
+require 'rake/testtask'
+require 'rdoc/task'
+require 'devise_security_extension/version'
-require 'jeweler'
-Jeweler::Tasks.new do |gem|
-  # gem is a Gem::Specification... see http://docs.rubygems.org/read/chapter/20 for more options
-  gem.name = "devise_security_extension"
-  gem.homepage = "http://github.com/phatworx/devise_security_extension"
-  gem.license = "MIT"
-  gem.summary = %Q{Security extension for devise}
-  gem.description = %Q{An enterprise security extension for devise, trying to meet industrial standard security demands for web applications.}
-  gem.email = "team@phatworx.de"
-  gem.authors = ["Marco Scholl", "Alexander Dreher"]
-end
-Jeweler::RubygemsDotOrgTasks.new
+desc 'Default: Run DeviseSecurityExtension unit tests'
+task default: :test
-require 'rake/testtask'
-Rake::TestTask.new(:test) do |test|
-  test.libs << 'lib' << 'test'
-  test.pattern = 'test/**/test_*.rb'
-  test.verbose = true
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.libs << 'test'
+  t.test_files = FileList['test/*test*.rb']
+  t.verbose = true
+  t.warning = false
 end
-task :default => :test
-require 'rdoc/task'
 Rake::RDocTask.new do |rdoc|
-  version = File.exist?('VERSION') ? File.read('VERSION') : ""
+  version = DeviseSecurityExtension::VERSION.dup
   rdoc.rdoc_dir = 'rdoc'
   rdoc.title = "devise_security_extension #{version}"

data/app/controllers/devise/paranoid_verification_code_controller.rb ADDED Viewed

@@ -0,0 +1,42 @@
+class Devise::ParanoidVerificationCodeController < DeviseController
+  skip_before_filter :handle_paranoid_verification
+  prepend_before_filter :authenticate_scope!, :only => [:show, :update]
+  def show
+    if !resource.nil? && resource.need_paranoid_verification?
+      respond_with(resource)
+    else
+      redirect_to :root
+    end
+  end
+  def update
+    if resource.verify_code(resource_params[:paranoid_verification_code])
+      warden.session(scope)['paranoid_verify'] = false
+      set_flash_message :notice, :updated
+      sign_in scope, resource, :bypass => true
+      redirect_to stored_location_for(scope) || :root
+    else
+      respond_with(resource, action: :show)
+    end
+  end
+  private
+  def resource_params
+    if params.respond_to?(:permit)
+      params.require(resource_name).permit(:paranoid_verification_code)
+    else
+      params[scope].slice(:paranoid_verification_code)
+    end
+  end
+  def scope
+    resource_name.to_sym
+  end
+  def authenticate_scope!
+    send(:"authenticate_#{resource_name}!")
+    self.resource = send("current_#{resource_name}")
+  end
+end

data/app/controllers/devise/password_expired_controller.rb CHANGED Viewed

@@ -1,18 +1,16 @@
 class Devise::PasswordExpiredController < DeviseController
   skip_before_filter :handle_password_change
+  before_filter :skip_password_change, only: [:show, :update]
   prepend_before_filter :authenticate_scope!, :only => [:show, :update]
   def show
-    if not resource.nil? and resource.need_change_password?
-      respond_with(resource)
-    else
-      redirect_to :root
-    end
+    respond_with(resource)
   end
   def update
-    if resource.update_with_password(params[resource_name])
-      warden.session(scope)[:password_expired] = false
+    resource.extend(Devise::Models::DatabaseAuthenticatablePatch)
+    if resource.update_with_password(resource_params)
+      warden.session(scope)['password_expired'] = false
       set_flash_message :notice, :updated
       sign_in scope, resource, :bypass => true
       redirect_to stored_location_for(scope) || :root
@@ -24,6 +22,21 @@ class Devise::PasswordExpiredController < DeviseController
   private
+  def skip_password_change
+    return if !resource.nil? && resource.need_change_password?
+    redirect_to :root
+  end
+  def resource_params
+    permitted_params = [:current_password, :password, :password_confirmation]
+    if params.respond_to?(:permit)
+      params.require(resource_name).permit(*permitted_params)
+    else
+      params[scope].slice(*permitted_params)
+    end
+  end
   def scope
     resource_name.to_sym
   end

data/app/views/devise/paranoid_verification_code/show.html.erb ADDED Viewed

@@ -0,0 +1,10 @@
+<h2>Submit verification code</h2>
+<%= form_for(resource, :as => resource_name, :url => [resource_name, :paranoid_verification_code], :html => { :method => :put }) do |f| %>
+  <%= devise_error_messages! %>
+  <p><%= f.label :paranoid_verification_code, 'Verification code' %><br />
+  <%= f.text_field :paranoid_verification_code, value: '' %></p>
+  <p><%= f.submit "Submit" %></p>
+<% end %>

data/config/locales/de.yml CHANGED Viewed

@@ -3,8 +3,11 @@ de:
     messages:
       taken_in_past: "wurde bereits in der Vergangenheit verwendet!"
       equal_to_current_password: "darf nicht dem aktuellen Passwort entsprechen!"
+      password_format: "müssen große, kleine Buchstaben und Ziffern enthalten"
   devise:
     invalid_captcha: "Die Captchaeingabe ist nicht gültig!"
+    paranoid_verify:
+      code_required: "Bitte geben Sie den Code unser Support-Team zur Verfügung gestellt"
     password_expired:
       updated: "Das neue Passwort wurde übernommen."
       change_required: "Ihr Passwort ist abgelaufen. Bitte vergeben sie ein neues Passwort!"

data/config/locales/en.yml CHANGED Viewed

@@ -1,13 +1,16 @@
 en:
   errors:
     messages:
-      taken_in_past: "was already taken in the past!"
-      equal_to_current_password: "must be different to the current password!"
+      taken_in_past: "was used previously."
+      equal_to_current_password: "must be different than the current password."
+      password_format: "must contain big, small letters and digits"
   devise:
-    invalid_captcha: "The captcha input is not valid!"
+    invalid_captcha: "The captcha input was invalid."
+    paranoid_verify:
+      code_required: "Please enter the code our support team provided"
     password_expired:
       updated: "Your new password is saved."
-      change_required: "Your password is expired. Please renew your password!"
+      change_required: "Your password is expired. Please renew your password."
     failure:
       session_limited: 'Your login credentials were used in another browser. Please sign in again to continue in this browser.'
       expired: 'Your account has expired due to inactivity. Please contact the site administrator.'

data/config/locales/it.yml ADDED Viewed

@@ -0,0 +1,10 @@
+it:
+  errors:
+    messages:
+      taken_in_past: "e' stata gia' utilizzata in passato!"
+      equal_to_current_password: " deve essere differente dalla password corrente!"
+  devise:
+    invalid_captcha: "Il captcha inserito non e' valido!"
+    password_expired:
+      updated: "La tua nuova password e' stata salvata."
+      change_required: "La tua password e' scaduta. Si prega di rinnovarla!"

data/devise_security_extension.gemspec CHANGED Viewed

@@ -1,95 +1,31 @@
-# Generated by jeweler
-# DO NOT EDIT THIS FILE DIRECTLY
-# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
 # -*- encoding: utf-8 -*-
+$LOAD_PATH.unshift(File.expand_path('../lib', __FILE__))
+require 'devise_security_extension/version'
 Gem::Specification.new do |s|
-  s.name = "devise_security_extension"
-  s.version = "0.7.2"
+  s.name = 'devise_security_extension'
+  s.version     = DeviseSecurityExtension::VERSION.dup
+  s.platform    = Gem::Platform::RUBY
+  s.licenses    = ['MIT']
+  s.summary     = 'Security extension for devise'
+  s.email       = 'team@phatworx.de'
+  s.homepage    = 'https://github.com/phatworx/devise_security_extension'
+  s.description = 'An enterprise security extension for devise, trying to meet industrial standard security demands for web applications.'
+  s.authors     = ['Marco Scholl', 'Alexander Dreher']
-  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
-  s.authors = ["Marco Scholl", "Alexander Dreher"]
-  s.date = "2012-11-22"
-  s.description = "An enterprise security extension for devise, trying to meet industrial standard security demands for web applications."
-  s.email = "team@phatworx.de"
-  s.extra_rdoc_files = [
-    "LICENSE.txt",
-    "README.rdoc"
-  ]
-  s.files = [
-    ".document",
-    "Gemfile",
-    "Gemfile.lock",
-    "LICENSE.txt",
-    "README.rdoc",
-    "Rakefile",
-    "VERSION",
-    "app/controllers/devise/password_expired_controller.rb",
-    "app/views/devise/password_expired/show.html.erb",
-    "config/locales/de.yml",
-    "config/locales/en.yml",
-    "devise_security_extension.gemspec",
-    "lib/devise_security_extension.rb",
-    "lib/devise_security_extension/controllers/helpers.rb",
-    "lib/devise_security_extension/hooks/expirable.rb",
-    "lib/devise_security_extension/hooks/password_expirable.rb",
-    "lib/devise_security_extension/hooks/session_limitable.rb",
-    "lib/devise_security_extension/models/expirable.rb",
-    "lib/devise_security_extension/models/old_password.rb",
-    "lib/devise_security_extension/models/password_archivable.rb",
-    "lib/devise_security_extension/models/password_expirable.rb",
-    "lib/devise_security_extension/models/secure_validatable.rb",
-    "lib/devise_security_extension/models/security_question.rb",
-    "lib/devise_security_extension/models/security_questionable.rb",
-    "lib/devise_security_extension/models/session_limitable.rb",
-    "lib/devise_security_extension/orm/active_record.rb",
-    "lib/devise_security_extension/patches.rb",
-    "lib/devise_security_extension/patches/confirmations_controller_captcha.rb",
-    "lib/devise_security_extension/patches/confirmations_controller_security_question.rb",
-    "lib/devise_security_extension/patches/passwords_controller_captcha.rb",
-    "lib/devise_security_extension/patches/passwords_controller_security_question.rb",
-    "lib/devise_security_extension/patches/registrations_controller_captcha.rb",
-    "lib/devise_security_extension/patches/sessions_controller_captcha.rb",
-    "lib/devise_security_extension/patches/unlocks_controller_captcha.rb",
-    "lib/devise_security_extension/patches/unlocks_controller_security_question.rb",
-    "lib/devise_security_extension/rails.rb",
-    "lib/devise_security_extension/routes.rb",
-    "lib/devise_security_extension/schema.rb",
-    "lib/generators/devise_security_extension/install_generator.rb",
-    "test/helper.rb",
-    "test/test_devise_security_extension.rb"
-  ]
-  s.homepage = "http://github.com/phatworx/devise_security_extension"
-  s.licenses = ["MIT"]
-  s.require_paths = ["lib"]
-  s.rubygems_version = "1.8.24"
-  s.summary = "Security extension for devise"
+  s.rubyforge_project = 'devise_security_extension'
-  if s.respond_to? :specification_version then
-    s.specification_version = 3
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- test/*`.split("\n")
+  s.require_paths = ['lib']
+  s.required_ruby_version = '>= 1.9.3'
-    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
-      s.add_runtime_dependency(%q<rails>, [">= 3.1.1"])
-      s.add_runtime_dependency(%q<devise>, [">= 2.0.0"])
-      s.add_development_dependency(%q<rails_email_validator>, [">= 0"])
-      s.add_development_dependency(%q<easy_captcha>, [">= 0"])
-      s.add_development_dependency(%q<bundler>, [">= 1.0.0"])
-      s.add_development_dependency(%q<jeweler>, ["~> 1.8.4"])
-    else
-      s.add_dependency(%q<rails>, [">= 3.1.1"])
-      s.add_dependency(%q<devise>, [">= 2.0.0"])
-      s.add_dependency(%q<rails_email_validator>, [">= 0"])
-      s.add_dependency(%q<easy_captcha>, [">= 0"])
-      s.add_dependency(%q<bundler>, [">= 1.0.0"])
-      s.add_dependency(%q<jeweler>, ["~> 1.8.4"])
-    end
-  else
-    s.add_dependency(%q<rails>, [">= 3.1.1"])
-    s.add_dependency(%q<devise>, [">= 2.0.0"])
-    s.add_dependency(%q<rails_email_validator>, [">= 0"])
-    s.add_dependency(%q<easy_captcha>, [">= 0"])
-    s.add_dependency(%q<bundler>, [">= 1.0.0"])
-    s.add_dependency(%q<jeweler>, ["~> 1.8.4"])
-  end
+  s.add_runtime_dependency 'railties', '>= 3.2.6', '< 5.0'
+  s.add_runtime_dependency 'devise', '>= 3.0.0', '< 4.0'
+  s.add_development_dependency 'bundler', '>= 1.3.0', '< 2.0'
+  s.add_development_dependency 'sqlite3', '~> 1.3.10'
+  s.add_development_dependency 'rubocop', '~> 0'
+  s.add_development_dependency 'minitest'
+  s.add_development_dependency 'easy_captcha', '~> 0'
+  s.add_development_dependency 'rails_email_validator', '~> 0'
 end

data/lib/devise_security_extension/controllers/helpers.rb CHANGED Viewed

@@ -5,13 +5,14 @@ module DeviseSecurityExtension
       included do
         before_filter :handle_password_change
+        before_filter :handle_paranoid_verification
       end
       module ClassMethods
         # helper for captcha
         def init_recover_password_captcha
           include RecoverPasswordCaptcha
-        end
+        end
       end
       module RecoverPasswordCaptcha
@@ -26,11 +27,33 @@ module DeviseSecurityExtension
         # lookup if an password change needed
         def handle_password_change
+          return if warden.nil?
           if not devise_controller? and not ignore_password_expire? and not request.format.nil? and request.format.html?
             Devise.mappings.keys.flatten.any? do |scope|
-              if signed_in?(scope) and warden.session(scope)[:password_expired]
-                session["#{scope}_return_to"] = request.path if request.get?
-                redirect_for_password_change scope
+              if signed_in?(scope) and warden.session(scope)['password_expired']
+                # re-check to avoid infinite loop if date changed after login attempt
+                if send(:"current_#{scope}").try(:need_change_password?)
+                  session["#{scope}_return_to"] = request.original_fullpath if request.get?
+                  redirect_for_password_change scope
+                  return
+                else
+                  warden.session(scope)[:password_expired] = false
+                end
+              end
+            end
+          end
+        end
+        # lookup if extra (paranoid) code verification is needed
+        def handle_paranoid_verification
+          return if warden.nil?
+          if !devise_controller? && !request.format.nil? && request.format.html?
+            Devise.mappings.keys.flatten.any? do |scope|
+              if signed_in?(scope) && warden.session(scope)['paranoid_verify']
+                session["#{scope}_return_to"] = request.original_fullpath if request.get?
+                redirect_for_paranoid_verification scope
                 return
               end
             end
@@ -42,15 +65,25 @@ module DeviseSecurityExtension
           redirect_to change_password_required_path_for(scope), :alert => I18n.t('change_required', {:scope => 'devise.password_expired'})
         end
+        def redirect_for_paranoid_verification(scope)
+          redirect_to paranoid_verification_code_path_for(scope), :alert => I18n.t('code_required', {:scope => 'devise.paranoid_verify'})
+        end
         # path for change password
         def change_password_required_path_for(resource_or_scope = nil)
           scope       = Devise::Mapping.find_scope!(resource_or_scope)
           change_path = "#{scope}_password_expired_path"
           send(change_path)
         end
+        def paranoid_verification_code_path_for(resource_or_scope = nil)
+          scope       = Devise::Mapping.find_scope!(resource_or_scope)
+          change_path = "#{scope}_paranoid_verification_code_path"
+          send(change_path)
+        end
         protected
         # allow to overwrite for some special handlings
         def ignore_password_expire?
           false

data/lib/devise_security_extension/hooks/paranoid_verification.rb ADDED Viewed

@@ -0,0 +1,5 @@
+Warden::Manager.after_set_user do |record, warden, options|
+  if record.respond_to?(:need_paranoid_verification?)
+    warden.session(options[:scope])['paranoid_verify'] = record.need_paranoid_verification?
+  end
+end

data/lib/devise_security_extension/hooks/password_expirable.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 Warden::Manager.after_authentication do |record, warden, options|
   if record.respond_to?(:need_change_password?)
-    warden.session(options[:scope])[:password_expired] = record.need_change_password?
+    warden.session(options[:scope])['password_expired'] = record.need_change_password?
   end
 end

data/lib/devise_security_extension/hooks/session_limitable.rb CHANGED Viewed

@@ -17,10 +17,11 @@ Warden::Manager.after_set_user :only => :fetch do |record, warden, options|
   scope = options[:scope]
   env   = warden.request.env
-  if warden.authenticated?(scope) && options[:store] != false
+  if record.respond_to?(:unique_session_id) && warden.authenticated?(scope) && options[:store] != false
     if record.unique_session_id != warden.session(scope)['unique_session_id'] && !env['devise.skip_session_limitable']
+      warden.raw_session.clear
       warden.logout(scope)
       throw :warden, :scope => scope, :message => :session_limited
     end
   end
-end
+end

data/lib/devise_security_extension/models/database_authenticatable_patch.rb ADDED Viewed

@@ -0,0 +1,26 @@
+module Devise
+  module Models
+    module DatabaseAuthenticatablePatch
+      def update_with_password(params, *options)
+        current_password = params.delete(:current_password)
+        new_password = params[:password]
+        new_password_confirmation = params[:password_confirmation]
+        result = if valid_password?(current_password) && new_password.present? && new_password_confirmation.present?
+          update_attributes(params, *options)
+        else
+          self.assign_attributes(params, *options)
+          self.valid?
+          self.errors.add(:current_password, current_password.blank? ? :blank : :invalid)
+          self.errors.add(:password, new_password.blank? ? :blank : :invalid)
+          self.errors.add(:password_confirmation, new_password_confirmation.blank? ? :blank : :invalid)
+          false
+        end
+        clean_up_passwords
+        result
+      end
+    end
+  end
+end

data/lib/devise_security_extension/models/expirable.rb CHANGED Viewed

@@ -20,8 +20,7 @@ module Devise
       # Updates +last_activity_at+, called from a Warden::Manager.after_set_user hook.
       def update_last_activity!
-        self.last_activity_at = Time.now.utc
-        save(:validate => false)
+        self.update_column(:last_activity_at, Time.now.utc)
       end
       # Tells if the account has expired

data/lib/devise_security_extension/models/old_password.rb CHANGED Viewed

@@ -1,5 +1,4 @@
+require 'active_record'
 class OldPassword < ActiveRecord::Base
   belongs_to :password_archivable, :polymorphic => true
-  attr_accessible :encrypted_password, :password_salt
 end

data/lib/devise_security_extension/models/paranoid_verification.rb ADDED Viewed

@@ -0,0 +1,35 @@
+require 'devise_security_extension/hooks/paranoid_verification'
+module Devise
+  module Models
+    # PasswordExpirable takes care of change password after
+    module ParanoidVerification
+      extend ActiveSupport::Concern
+      def need_paranoid_verification?
+        !!paranoid_verification_code
+      end
+      def verify_code(code)
+        attempt = paranoid_verification_attempt
+        if (attempt += 1) >= Devise.paranoid_code_regenerate_after_attempt
+          generate_paranoid_code
+        elsif code == paranoid_verification_code
+          attempt = 0
+          update_without_password paranoid_verification_code: nil, paranoid_verified_at: Time.now, paranoid_verification_attempt: attempt
+        else
+          update_without_password paranoid_verification_attempt: attempt
+        end
+      end
+      def paranoid_attempts_remaining
+        Devise.paranoid_code_regenerate_after_attempt - paranoid_verification_attempt
+      end
+      def generate_paranoid_code
+        update_without_password paranoid_verification_code: Devise.verification_code_generator.call(), paranoid_verification_attempt: 0
+      end
+    end
+  end
+end

data/lib/devise_security_extension/models/password_archivable.rb CHANGED Viewed

@@ -18,8 +18,8 @@ module Devise
       # validate is the password used in the past
       def password_archive_included?
         unless self.class.deny_old_passwords.is_a? Fixnum
-          if self.class.deny_old_passwords.is_a? TrueClass and self.class.password_archiving_count > 0
-            self.class.deny_old_passwords = self.class.password_archiving_count
+          if self.class.deny_old_passwords.is_a? TrueClass and archive_count > 0
+            self.class.deny_old_passwords = archive_count
           else
             self.class.deny_old_passwords = 0
           end
@@ -31,14 +31,13 @@ module Devise
           old_passwords_including_cur_change.each do |old_password|
             dummy                    = self.class.new
             dummy.encrypted_password = old_password.encrypted_password
-            dummy.password_salt      = old_password.password_salt if dummy.respond_to?(:password_salt)
             return true if dummy.valid_password?(self.password)
           end
         end
         false
       end
       def password_changed_to_same?
         pass_change = encrypted_password_change
         pass_change && pass_change.first == pass_change.last
@@ -46,23 +45,24 @@ module Devise
       private
+      def archive_count
+        self.class.password_archiving_count
+      end
       # archive the last password before save and delete all to old passwords from archive
       def archive_password
         if self.encrypted_password_changed?
-          if self.class.password_archiving_count.to_i > 0
+          if archive_count.to_i > 0
             self.old_passwords.create! old_password_params
-            self.old_passwords.order(:id).reverse_order.offset(self.class.password_archiving_count).destroy_all
+            self.old_passwords.order(:id).reverse_order.offset(archive_count).destroy_all
           else
             self.old_passwords.destroy_all
           end
         end
       end
       def old_password_params
-        salt_change = if self.respond_to?(:password_salt_change) and not self.password_salt_change.nil?
-          self.password_salt_change.first
-        end
-        { :encrypted_password => self.encrypted_password_change.first, :password_salt => salt_change }
+        { encrypted_password: self.encrypted_password_change.first }
       end
       module ClassMethods

data/lib/devise_security_extension/models/password_expirable.rb CHANGED Viewed

@@ -13,8 +13,8 @@ module Devise
       # is an password change required?
       def need_change_password?
-        if self.class.expire_password_after.is_a? Fixnum or self.class.expire_password_after.is_a? Float
-          self.password_changed_at.nil? or self.password_changed_at < self.class.expire_password_after.ago
+        if self.expire_password_after.is_a? Fixnum or self.expire_password_after.is_a? Float
+          self.password_changed_at.nil? or self.password_changed_at < self.expire_password_after.ago
         else
           false
         end
@@ -22,7 +22,7 @@ module Devise
       # set a fake datetime so a password change is needed and save the record
       def need_change_password!
-        if self.class.expire_password_after.is_a? Fixnum or self.class.expire_password_after.is_a? Float
+        if self.expire_password_after.is_a? Fixnum or self.expire_password_after.is_a? Float
           need_change_password
           self.save(:validate => false)
         end
@@ -30,8 +30,8 @@ module Devise
       # set a fake datetime so a password change is needed
       def need_change_password
-        if self.class.expire_password_after.is_a? Fixnum or self.class.expire_password_after.is_a? Float
-          self.password_changed_at = self.class.expire_password_after.ago
+        if self.expire_password_after.is_a? Fixnum or self.expire_password_after.is_a? Float
+          self.password_changed_at = self.expire_password_after.ago
         end
         # is date not set it will set default to need set new password next login
@@ -39,6 +39,10 @@ module Devise
         self.password_changed_at
       end
+      def expire_password_after
+        self.class.expire_password_after
+      end
       private