RubyGems - devise_security_extension - Versions diffs - 0.7.2 → 0.10.0 - Mend

devise_security_extension 0.7.2 → 0.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (68) hide show

checksums.yaml +7 -0
data/.gitignore +39 -0
data/.rubocop.yml +38 -0
data/Gemfile +2 -15
data/Gemfile.lock +157 -112
data/README.md +264 -0
data/Rakefile +13 -29
data/app/controllers/devise/paranoid_verification_code_controller.rb +42 -0
data/app/controllers/devise/password_expired_controller.rb +20 -7
data/app/views/devise/paranoid_verification_code/show.html.erb +10 -0
data/config/locales/de.yml +3 -0
data/config/locales/en.yml +7 -4
data/config/locales/it.yml +10 -0
data/devise_security_extension.gemspec +24 -88
data/lib/devise_security_extension/controllers/helpers.rb +40 -7
data/lib/devise_security_extension/hooks/paranoid_verification.rb +5 -0
data/lib/devise_security_extension/hooks/password_expirable.rb +1 -1
data/lib/devise_security_extension/hooks/session_limitable.rb +3 -2
data/lib/devise_security_extension/models/database_authenticatable_patch.rb +26 -0
data/lib/devise_security_extension/models/expirable.rb +1 -2
data/lib/devise_security_extension/models/old_password.rb +1 -2
data/lib/devise_security_extension/models/paranoid_verification.rb +35 -0
data/lib/devise_security_extension/models/password_archivable.rb +11 -11
data/lib/devise_security_extension/models/password_expirable.rb +9 -5
data/lib/devise_security_extension/models/secure_validatable.rb +35 -9
data/lib/devise_security_extension/models/security_questionable.rb +4 -1
data/lib/devise_security_extension/patches/confirmations_controller_captcha.rb +3 -1
data/lib/devise_security_extension/patches/confirmations_controller_security_question.rb +3 -1
data/lib/devise_security_extension/patches/passwords_controller_captcha.rb +3 -1
data/lib/devise_security_extension/patches/passwords_controller_security_question.rb +3 -1
data/lib/devise_security_extension/patches/registrations_controller_captcha.rb +11 -8
data/lib/devise_security_extension/patches/sessions_controller_captcha.rb +8 -5
data/lib/devise_security_extension/patches/unlocks_controller_captcha.rb +3 -1
data/lib/devise_security_extension/patches/unlocks_controller_security_question.rb +3 -1
data/lib/devise_security_extension/routes.rb +4 -0
data/lib/devise_security_extension/version.rb +3 -0
data/lib/devise_security_extension.rb +20 -10
data/lib/generators/devise_security_extension/install_generator.rb +16 -33
data/lib/generators/templates/devise_security_extension.rb +38 -0
data/test/dummy/Rakefile +6 -0
data/test/dummy/app/controllers/application_controller.rb +2 -0
data/test/dummy/app/controllers/foos_controller.rb +0 -0
data/test/dummy/app/models/.gitkeep +0 -0
data/test/dummy/app/models/user.rb +4 -0
data/test/dummy/app/views/foos/index.html.erb +0 -0
data/test/dummy/config/application.rb +24 -0
data/test/dummy/config/boot.rb +6 -0
data/test/dummy/config/database.yml +7 -0
data/test/dummy/config/environment.rb +5 -0
data/test/dummy/config/environments/test.rb +21 -0
data/test/dummy/config/initializers/devise.rb +9 -0
data/test/dummy/config/routes.rb +6 -0
data/test/dummy/config/secrets.yml +3 -0
data/test/dummy/config.ru +4 -0
data/test/dummy/db/migrate/20120508165529_create_tables.rb +26 -0
data/test/dummy/db/migrate/20150402165590_add_verification_columns.rb +11 -0
data/test/dummy/db/migrate/20150407162345_add_verification_attempt_column.rb +9 -0
data/test/test_helper.rb +10 -0
data/test/test_install_generator.rb +16 -0
data/test/test_paranoid_verification.rb +124 -0
data/test/test_password_archivable.rb +61 -0
data/test/test_password_expired_controller.rb +24 -0
metadata +142 -62
data/README.rdoc +0 -193
data/VERSION +0 -1
data/lib/devise_security_extension/models/security_question.rb +0 -3
data/test/helper.rb +0 -17
data/test/test_devise_security_extension.rb +0 -7

data/test/test_paranoid_verification.rb ADDED Viewed

@@ -0,0 +1,124 @@
+require 'test_helper'
+class TestPasswordVerifiable < ActiveSupport::TestCase
+  test 'need to paranoid verify if code present' do
+    user = User.new
+    user.generate_paranoid_code
+    assert_equal(true, user.need_paranoid_verification?)
+  end
+  test 'no need to paranoid verify if no code' do
+    user = User.new
+    assert_equal(false, user.need_paranoid_verification?)
+  end
+  test 'generate code' do
+    user = User.new
+    user.generate_paranoid_code
+    assert_equal(0, user.paranoid_verification_attempt)
+    user.verify_code('wrong')
+    assert_equal(1, user.paranoid_verification_attempt)
+    user.generate_paranoid_code
+    assert_equal(0, user.paranoid_verification_attempt)
+  end
+  test "generate code must reset attempt counter" do
+    user = User.new
+    user.generate_paranoid_code
+    # default generator generates 5 char string
+    assert_equal(user.paranoid_verification_code.class, String)
+    assert_equal(user.paranoid_verification_code.length, 5)
+  end
+  test "when code match upon verify code, should mark record that it's no loger needed to verify" do
+    user = User.new(paranoid_verification_code: 'abcde')
+    assert_equal(true, user.need_paranoid_verification?)
+    user.verify_code('abcde')
+    assert_equal(false, user.need_paranoid_verification?)
+  end
+  test 'when code match upon verify code, should no longer need verification' do
+    user = User.new(paranoid_verification_code: 'abcde')
+    assert_equal(true, user.need_paranoid_verification?)
+    user.verify_code('abcde')
+    assert_equal(false, user.need_paranoid_verification?)
+  end
+  test 'when code match upon verification code, should set when verification was accepted' do
+    user = User.new(paranoid_verification_code: 'abcde')
+    user.verify_code('abcde')
+    assert_in_delta(4, Time.now.to_i, user.paranoid_verified_at.to_i)
+  end
+  test 'when code not match upon verify code, should still need verification' do
+    user = User.new(paranoid_verification_code: 'abcde')
+    user.verify_code('wrong')
+    assert_equal(true, user.need_paranoid_verification?)
+  end
+  test 'when code not match upon verification code, should not set paranoid_verified_at' do
+    user = User.new(paranoid_verification_code: 'abcde')
+    user.verify_code('wrong')
+    assert_equal(nil, user.paranoid_verified_at)
+  end
+  test 'when code not match upon verification code too many attempts should generate new code' do
+    original_regenerate = Devise.paranoid_code_regenerate_after_attempt
+    Devise.paranoid_code_regenerate_after_attempt = 2
+    user = User.create(paranoid_verification_code: 'abcde')
+    user.verify_code('wrong')
+    assert_equal 'abcde', user.paranoid_verification_code
+    user.verify_code('wrong-again')
+    assert_not_equal 'abcde', user.paranoid_verification_code
+    Devise.paranoid_code_regenerate_after_attempt = original_regenerate
+  end
+  test 'upon generating new code due to too many attempts reset attempt counter' do
+    original_regenerate = Devise.paranoid_code_regenerate_after_attempt
+    Devise.paranoid_code_regenerate_after_attempt = 3
+    user = User.create(paranoid_verification_code: 'abcde')
+    user.verify_code('wrong')
+    assert_equal 1, user.paranoid_verification_attempt
+    user.verify_code('wrong-again')
+    assert_equal 2, user.paranoid_verification_attempt
+    user.verify_code('WRONG!')
+    assert_equal 0, user.paranoid_verification_attempt
+    Devise.paranoid_code_regenerate_after_attempt = original_regenerate
+  end
+  test 'by default paranoid code regenerate should have 10 attempts' do
+    user = User.new(paranoid_verification_code: 'abcde')
+    assert_equal 10, user.paranoid_attempts_remaining
+  end
+  test 'paranoid_attempts_remaining should re-callculate how many attemps remains after each wrong attempt' do
+    original_regenerate = Devise.paranoid_code_regenerate_after_attempt
+    Devise.paranoid_code_regenerate_after_attempt = 2
+    user = User.create(paranoid_verification_code: 'abcde')
+    assert_equal 2, user.paranoid_attempts_remaining
+    user.verify_code('WRONG!')
+    assert_equal 1, user.paranoid_attempts_remaining
+    Devise.paranoid_code_regenerate_after_attempt = original_regenerate
+  end
+  test 'when code not match upon verification code too many times, reset paranoid_attempts_remaining' do
+    original_regenerate = Devise.paranoid_code_regenerate_after_attempt
+    Devise.paranoid_code_regenerate_after_attempt = 1
+    user = User.create(paranoid_verification_code: 'abcde')
+    user.verify_code('wrong') # at this point code was regenerated
+    assert_equal Devise.paranoid_code_regenerate_after_attempt, user.paranoid_attempts_remaining
+    Devise.paranoid_code_regenerate_after_attempt = original_regenerate
+  end
+end

data/test/test_password_archivable.rb ADDED Viewed

@@ -0,0 +1,61 @@
+require 'test_helper'
+class TestPasswordArchivable < ActiveSupport::TestCase
+  setup do
+    Devise.password_archiving_count = 2
+  end
+  teardown do
+    Devise.password_archiving_count = 1
+  end
+  def set_password(user, password)
+    user.password = password
+    user.password_confirmation = password
+    user.save!
+  end
+  test 'cannot use same password' do
+    user = User.create password: 'password1', password_confirmation: 'password1'
+    assert_raises(ActiveRecord::RecordInvalid) { set_password(user,  'password1') }
+  end
+  test 'cannot use archived passwords' do
+    assert_equal 2, Devise.password_archiving_count
+    user = User.create password: 'password1', password_confirmation: 'password1'
+    assert_equal 0, OldPassword.count
+    set_password(user,  'password2')
+    assert_equal 1, OldPassword.count
+    assert_raises(ActiveRecord::RecordInvalid) { set_password(user,  'password1') }
+    set_password(user,  'password3')
+    assert_equal 2, OldPassword.count
+    # rotate first password out of archive
+    assert set_password(user,  'password4')
+    # archive count was 2, so first password should work again
+    assert set_password(user,  'password1')
+    assert set_password(user,  'password2')
+  end
+  test 'the option should be dynamic during runtime' do
+    class ::User
+      def archive_count
+        1
+      end
+    end
+    user = User.create password: 'password1', password_confirmation: 'password1'
+    assert set_password(user,  'password2')
+    assert_raises(ActiveRecord::RecordInvalid) { set_password(user,  'password2') }
+    assert_raises(ActiveRecord::RecordInvalid) { set_password(user,  'password1') }
+  end
+end

data/test/test_password_expired_controller.rb ADDED Viewed

@@ -0,0 +1,24 @@
+require 'test_helper'
+class Devise::PasswordExpiredControllerTest < ActionController::TestCase
+  include Devise::TestHelpers
+  setup do
+    @request.env["devise.mapping"] = Devise.mappings[:user]
+    @user = User.create(username: 'hello', email: 'hello@path.travel',
+                        password: '1234', password_changed_at: 3.months.ago)
+    sign_in(@user)
+  end
+  test 'should render show' do
+    get :show
+    assert_template :show
+  end
+  test 'shold update password' do
+    put :update, user: { current_password: '1234', password: '12345',
+                          password_confirmation: '12345' }
+    assert_redirected_to root_path
+  end
+end

metadata CHANGED Viewed

@@ -1,8 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: devise_security_extension
 version: !ruby/object:Gem::Version
-  version: 0.7.2
-  prerelease:
+  version: 0.10.0
 platform: ruby
 authors:
 - Marco Scholl
@@ -10,136 +9,174 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2012-11-22 00:00:00.000000000 Z
+date: 2016-03-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: rails
+  name: railties
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 3.1.1
+        version: 3.2.6
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '5.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.2.6
+    - - "<"
       - !ruby/object:Gem::Version
-        version: 3.1.1
+        version: '5.0'
 - !ruby/object:Gem::Dependency
   name: devise
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+    - - "<"
       - !ruby/object:Gem::Version
-        version: 2.0.0
+        version: '4.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 2.0.0
+        version: 3.0.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '4.0'
 - !ruby/object:Gem::Dependency
-  name: rails_email_validator
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.3.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.3.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.3.10
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.3.10
+- !ruby/object:Gem::Dependency
+  name: rubocop
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: easy_captcha
+  name: minitest
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: bundler
+  name: easy_captcha
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.0.0
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.0.0
+        version: '0'
 - !ruby/object:Gem::Dependency
-  name: jeweler
+  name: rails_email_validator
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.8.4
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.8.4
+        version: '0'
 description: An enterprise security extension for devise, trying to meet industrial
   standard security demands for web applications.
 email: team@phatworx.de
 executables: []
 extensions: []
-extra_rdoc_files:
-- LICENSE.txt
-- README.rdoc
+extra_rdoc_files: []
 files:
-- .document
+- ".document"
+- ".gitignore"
+- ".rubocop.yml"
 - Gemfile
 - Gemfile.lock
 - LICENSE.txt
-- README.rdoc
+- README.md
 - Rakefile
-- VERSION
+- app/controllers/devise/paranoid_verification_code_controller.rb
 - app/controllers/devise/password_expired_controller.rb
+- app/views/devise/paranoid_verification_code/show.html.erb
 - app/views/devise/password_expired/show.html.erb
 - config/locales/de.yml
 - config/locales/en.yml
+- config/locales/it.yml
 - devise_security_extension.gemspec
 - lib/devise_security_extension.rb
 - lib/devise_security_extension/controllers/helpers.rb
 - lib/devise_security_extension/hooks/expirable.rb
+- lib/devise_security_extension/hooks/paranoid_verification.rb
 - lib/devise_security_extension/hooks/password_expirable.rb
 - lib/devise_security_extension/hooks/session_limitable.rb
+- lib/devise_security_extension/models/database_authenticatable_patch.rb
 - lib/devise_security_extension/models/expirable.rb
 - lib/devise_security_extension/models/old_password.rb
+- lib/devise_security_extension/models/paranoid_verification.rb
 - lib/devise_security_extension/models/password_archivable.rb
 - lib/devise_security_extension/models/password_expirable.rb
 - lib/devise_security_extension/models/secure_validatable.rb
-- lib/devise_security_extension/models/security_question.rb
 - lib/devise_security_extension/models/security_questionable.rb
 - lib/devise_security_extension/models/session_limitable.rb
 - lib/devise_security_extension/orm/active_record.rb
@@ -155,35 +192,78 @@ files:
 - lib/devise_security_extension/rails.rb
 - lib/devise_security_extension/routes.rb
 - lib/devise_security_extension/schema.rb
+- lib/devise_security_extension/version.rb
 - lib/generators/devise_security_extension/install_generator.rb
-- test/helper.rb
-- test/test_devise_security_extension.rb
-homepage: http://github.com/phatworx/devise_security_extension
+- lib/generators/templates/devise_security_extension.rb
+- test/dummy/Rakefile
+- test/dummy/app/controllers/application_controller.rb
+- test/dummy/app/controllers/foos_controller.rb
+- test/dummy/app/models/.gitkeep
+- test/dummy/app/models/user.rb
+- test/dummy/app/views/foos/index.html.erb
+- test/dummy/config.ru
+- test/dummy/config/application.rb
+- test/dummy/config/boot.rb
+- test/dummy/config/database.yml
+- test/dummy/config/environment.rb
+- test/dummy/config/environments/test.rb
+- test/dummy/config/initializers/devise.rb
+- test/dummy/config/routes.rb
+- test/dummy/config/secrets.yml
+- test/dummy/db/migrate/20120508165529_create_tables.rb
+- test/dummy/db/migrate/20150402165590_add_verification_columns.rb
+- test/dummy/db/migrate/20150407162345_add_verification_attempt_column.rb
+- test/test_helper.rb
+- test/test_install_generator.rb
+- test/test_paranoid_verification.rb
+- test/test_password_archivable.rb
+- test/test_password_expired_controller.rb
+homepage: https://github.com/phatworx/devise_security_extension
 licenses:
 - MIT
+metadata: {}
 post_install_message:
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
-      segments:
-      - 0
-      hash: 2180026344185734924
+      version: 1.9.3
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 1.8.24
+rubyforge_project: devise_security_extension
+rubygems_version: 2.4.2
 signing_key:
-specification_version: 3
+specification_version: 4
 summary: Security extension for devise
-test_files: []
+test_files:
+- test/dummy/Rakefile
+- test/dummy/app/controllers/application_controller.rb
+- test/dummy/app/controllers/foos_controller.rb
+- test/dummy/app/models/.gitkeep
+- test/dummy/app/models/user.rb
+- test/dummy/app/views/foos/index.html.erb
+- test/dummy/config.ru
+- test/dummy/config/application.rb
+- test/dummy/config/boot.rb
+- test/dummy/config/database.yml
+- test/dummy/config/environment.rb
+- test/dummy/config/environments/test.rb
+- test/dummy/config/initializers/devise.rb
+- test/dummy/config/routes.rb
+- test/dummy/config/secrets.yml
+- test/dummy/db/migrate/20120508165529_create_tables.rb
+- test/dummy/db/migrate/20150402165590_add_verification_columns.rb
+- test/dummy/db/migrate/20150407162345_add_verification_attempt_column.rb
+- test/test_helper.rb
+- test/test_install_generator.rb
+- test/test_paranoid_verification.rb
+- test/test_password_archivable.rb
+- test/test_password_expired_controller.rb
+has_rdoc: