devise_security_extension 0.9.2 → 0.10.0

data/test/dummy/config/secrets.yml

@@ -0,0 +1,3 @@
+test:
+  secret_token: 'fooooooooooo'
+  secret_key_base: 'fuuuuuuuuuuu'

data/test/dummy/db/migrate/20120508165529_create_tables.rb

@@ -5,15 +5,15 @@ class CreateTables < ActiveRecord::Migration
       t.string :facebook_token
 
       ## Database authenticatable
-      t.string :email,              :null => false, :default => ""
-      t.string :encrypted_password, :null => false, :default => ""
+      t.string :email,              null: false, default: ''
+      t.string :encrypted_password, null: false, default: ''
 
-      t.timestamps
+      t.datetime :password_changed_at
+      t.timestamps null: false
     end
 
     create_table :old_passwords do |t|
       t.string :encrypted_password
-      t.string :password_salt
 
       t.references :password_archivable, polymorphic: true
     end

data/test/dummy/db/migrate/20150402165590_add_verification_columns.rb

@@ -0,0 +1,11 @@
+class AddVerificationColumns < ActiveRecord::Migration
+  def self.up
+    add_column :users, :paranoid_verification_code, :string
+    add_column :users, :paranoid_verified_at, :datetime
+  end
+
+  def self.down
+    remove_column :users, :paranoid_verification_code
+    remove_column :users, :paranoid_verified_at
+  end
+end

data/test/dummy/db/migrate/20150407162345_add_verification_attempt_column.rb

@@ -0,0 +1,9 @@
+class AddVerificationAttemptColumn < ActiveRecord::Migration
+  def self.up
+    add_column :users, :paranoid_verification_attempt, :integer, default: 0
+  end
+
+  def self.down
+    remove_column :users, :paranoid_verification_attempt
+  end
+end

data/test/test_helper.rb

@@ -0,0 +1,10 @@
+ENV['RAILS_ENV'] ||= 'test'
+
+require 'dummy/config/environment'
+require 'minitest/autorun'
+require 'rails/test_help'
+require 'devise_security_extension'
+
+ActiveRecord::Migration.verbose = false
+ActiveRecord::Base.logger = Logger.new(nil)
+ActiveRecord::Migrator.migrate(File.expand_path('../dummy/db/migrate', __FILE__))

data/test/test_install_generator.rb

@@ -0,0 +1,16 @@
+require 'test_helper'
+require 'rails/generators/test_case'
+require 'generators/devise_security_extension/install_generator'
+
+class TestInstallGenerator < Rails::Generators::TestCase
+  tests DeviseSecurityExtension::Generators::InstallGenerator
+  destination File.expand_path('../tmp', __FILE__)
+  setup :prepare_destination
+
+  test 'Assert all files are properly created' do
+    run_generator
+    assert_file 'config/initializers/devise_security_extension.rb'
+    assert_file 'config/locales/devise.security_extension.en.yml'
+    assert_file 'config/locales/devise.security_extension.de.yml'
+  end
+end

data/test/test_paranoid_verification.rb

@@ -0,0 +1,124 @@
+require 'test_helper'
+
+class TestPasswordVerifiable < ActiveSupport::TestCase
+  test 'need to paranoid verify if code present' do
+    user = User.new
+    user.generate_paranoid_code
+    assert_equal(true, user.need_paranoid_verification?)
+  end
+
+  test 'no need to paranoid verify if no code' do
+    user = User.new
+    assert_equal(false, user.need_paranoid_verification?)
+  end
+
+  test 'generate code' do
+    user = User.new
+    user.generate_paranoid_code
+    assert_equal(0, user.paranoid_verification_attempt)
+    user.verify_code('wrong')
+    assert_equal(1, user.paranoid_verification_attempt)
+    user.generate_paranoid_code
+    assert_equal(0, user.paranoid_verification_attempt)
+  end
+
+  test "generate code must reset attempt counter" do
+    user = User.new
+    user.generate_paranoid_code
+    # default generator generates 5 char string
+    assert_equal(user.paranoid_verification_code.class, String)
+    assert_equal(user.paranoid_verification_code.length, 5)
+  end
+
+  test "when code match upon verify code, should mark record that it's no loger needed to verify" do
+    user = User.new(paranoid_verification_code: 'abcde')
+
+    assert_equal(true, user.need_paranoid_verification?)
+    user.verify_code('abcde')
+    assert_equal(false, user.need_paranoid_verification?)
+  end
+
+  test 'when code match upon verify code, should no longer need verification' do
+    user = User.new(paranoid_verification_code: 'abcde')
+
+    assert_equal(true, user.need_paranoid_verification?)
+    user.verify_code('abcde')
+    assert_equal(false, user.need_paranoid_verification?)
+  end
+
+  test 'when code match upon verification code, should set when verification was accepted' do
+    user = User.new(paranoid_verification_code: 'abcde')
+    user.verify_code('abcde')
+    assert_in_delta(4, Time.now.to_i, user.paranoid_verified_at.to_i)
+  end
+
+  test 'when code not match upon verify code, should still need verification' do
+    user = User.new(paranoid_verification_code: 'abcde')
+    user.verify_code('wrong')
+    assert_equal(true, user.need_paranoid_verification?)
+  end
+
+  test 'when code not match upon verification code, should not set paranoid_verified_at' do
+    user = User.new(paranoid_verification_code: 'abcde')
+    user.verify_code('wrong')
+    assert_equal(nil, user.paranoid_verified_at)
+  end
+
+  test 'when code not match upon verification code too many attempts should generate new code' do
+    original_regenerate = Devise.paranoid_code_regenerate_after_attempt
+    Devise.paranoid_code_regenerate_after_attempt = 2
+
+    user = User.create(paranoid_verification_code: 'abcde')
+    user.verify_code('wrong')
+    assert_equal 'abcde', user.paranoid_verification_code
+    user.verify_code('wrong-again')
+    assert_not_equal 'abcde', user.paranoid_verification_code
+
+    Devise.paranoid_code_regenerate_after_attempt = original_regenerate
+  end
+
+  test 'upon generating new code due to too many attempts reset attempt counter' do
+    original_regenerate = Devise.paranoid_code_regenerate_after_attempt
+    Devise.paranoid_code_regenerate_after_attempt = 3
+
+    user = User.create(paranoid_verification_code: 'abcde')
+    user.verify_code('wrong')
+    assert_equal 1, user.paranoid_verification_attempt
+    user.verify_code('wrong-again')
+    assert_equal 2, user.paranoid_verification_attempt
+    user.verify_code('WRONG!')
+    assert_equal 0, user.paranoid_verification_attempt
+
+    Devise.paranoid_code_regenerate_after_attempt = original_regenerate
+  end
+
+
+  test 'by default paranoid code regenerate should have 10 attempts' do
+    user = User.new(paranoid_verification_code: 'abcde')
+    assert_equal 10, user.paranoid_attempts_remaining
+  end
+
+  test 'paranoid_attempts_remaining should re-callculate how many attemps remains after each wrong attempt' do
+    original_regenerate = Devise.paranoid_code_regenerate_after_attempt
+    Devise.paranoid_code_regenerate_after_attempt = 2
+
+    user = User.create(paranoid_verification_code: 'abcde')
+    assert_equal 2, user.paranoid_attempts_remaining
+
+    user.verify_code('WRONG!')
+    assert_equal 1, user.paranoid_attempts_remaining
+
+    Devise.paranoid_code_regenerate_after_attempt = original_regenerate
+  end
+
+  test 'when code not match upon verification code too many times, reset paranoid_attempts_remaining' do
+    original_regenerate = Devise.paranoid_code_regenerate_after_attempt
+    Devise.paranoid_code_regenerate_after_attempt = 1
+
+    user = User.create(paranoid_verification_code: 'abcde')
+    user.verify_code('wrong') # at this point code was regenerated
+    assert_equal Devise.paranoid_code_regenerate_after_attempt, user.paranoid_attempts_remaining
+
+    Devise.paranoid_code_regenerate_after_attempt = original_regenerate
+  end
+end

data/test/test_password_archivable.rb

@@ -1,4 +1,4 @@
-require 'helper'
+require 'test_helper'
 
 class TestPasswordArchivable < ActiveSupport::TestCase
   setup do
@@ -9,15 +9,38 @@ class TestPasswordArchivable < ActiveSupport::TestCase
     Devise.password_archiving_count = 1
   end
 
-  test "should respect maximum attempts configuration" do
-    user = User.new
-    user.password = 'password1'
-    user.password_confirmation = 'password1'
+  def set_password(user, password)
+    user.password = password
+    user.password_confirmation = password
     user.save!
+  end
+
+  test 'cannot use same password' do
+    user = User.create password: 'password1', password_confirmation: 'password1'
+
+    assert_raises(ActiveRecord::RecordInvalid) { set_password(user,  'password1') }
+  end
+
+  test 'cannot use archived passwords' do
+    assert_equal 2, Devise.password_archiving_count
+
+    user = User.create password: 'password1', password_confirmation: 'password1'
+    assert_equal 0, OldPassword.count
 
-    user.password = 'password1'
-    user.password_confirmation = 'password1'
-    assert_raises(ActiveRecord::RecordInvalid) { user.save! }
+    set_password(user,  'password2')
+    assert_equal 1, OldPassword.count
+
+    assert_raises(ActiveRecord::RecordInvalid) { set_password(user,  'password1') }
+
+    set_password(user,  'password3')
+    assert_equal 2, OldPassword.count
+
+    # rotate first password out of archive
+    assert set_password(user,  'password4')
+
+    # archive count was 2, so first password should work again
+    assert set_password(user,  'password1')
+    assert set_password(user,  'password2')
   end
 
   test 'the option should be dynamic during runtime' do
@@ -27,21 +50,12 @@ class TestPasswordArchivable < ActiveSupport::TestCase
       end
     end
 
-    user = User.new
-    user.password = 'password1'
-    user.password_confirmation = 'password1'
-    user.save!
+    user = User.create password: 'password1', password_confirmation: 'password1'
 
-    user.password = 'password2'
-    user.password_confirmation = 'password2'
-    user.save!
+    assert set_password(user,  'password2')
 
-    user.password = 'password2'
-    user.password_confirmation = 'password2'
-    assert_raises(ActiveRecord::RecordInvalid) { user.save! }
+    assert_raises(ActiveRecord::RecordInvalid) { set_password(user,  'password2') }
 
-    user.password = 'password1'
-    user.password_confirmation = 'password1'
-    assert_raises(ActiveRecord::RecordInvalid) { user.save! }
+    assert_raises(ActiveRecord::RecordInvalid) { set_password(user,  'password1') }
   end
 end

data/test/test_password_expired_controller.rb

@@ -0,0 +1,24 @@
+require 'test_helper'
+
+class Devise::PasswordExpiredControllerTest < ActionController::TestCase
+  include Devise::TestHelpers
+
+  setup do
+    @request.env["devise.mapping"] = Devise.mappings[:user]
+    @user = User.create(username: 'hello', email: 'hello@path.travel',
+                        password: '1234', password_changed_at: 3.months.ago)
+
+    sign_in(@user)
+  end
+
+  test 'should render show' do
+    get :show
+    assert_template :show
+  end
+
+  test 'shold update password' do
+    put :update, user: { current_password: '1234', password: '12345',
+                          password_confirmation: '12345' }
+    assert_redirected_to root_path
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: devise_security_extension
 version: !ruby/object:Gem::Version
-  version: 0.9.2
+  version: 0.10.0
 platform: ruby
 authors:
 - Marco Scholl
@@ -9,104 +9,136 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-04-02 00:00:00.000000000 Z
+date: 2016-03-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: rails
+  name: railties
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.1.1
+        version: 3.2.6
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '5.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.1.1
+        version: 3.2.6
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '5.0'
 - !ruby/object:Gem::Dependency
   name: devise
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.0.0
+        version: 3.0.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '4.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.0.0
+        version: 3.0.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '4.0'
 - !ruby/object:Gem::Dependency
-  name: rails_email_validator
+  name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.3.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.3.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2.0'
 - !ruby/object:Gem::Dependency
-  name: easy_captcha
+  name: sqlite3
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.3.10
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.3.10
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: bundler
+  name: minitest
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.0.0
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.0.0
+        version: '0'
 - !ruby/object:Gem::Dependency
-  name: jeweler
+  name: easy_captcha
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.0.1
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.0.1
+        version: '0'
 - !ruby/object:Gem::Dependency
-  name: sqlite3
+  name: rails_email_validator
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '0'
 description: An enterprise security extension for devise, trying to meet industrial
@@ -114,34 +146,37 @@ description: An enterprise security extension for devise, trying to meet industr
 email: team@phatworx.de
 executables: []
 extensions: []
-extra_rdoc_files:
-- LICENSE.txt
-- README.md
+extra_rdoc_files: []
 files:
 - ".document"
+- ".gitignore"
+- ".rubocop.yml"
 - Gemfile
 - Gemfile.lock
 - LICENSE.txt
 - README.md
 - Rakefile
-- VERSION
+- app/controllers/devise/paranoid_verification_code_controller.rb
 - app/controllers/devise/password_expired_controller.rb
+- app/views/devise/paranoid_verification_code/show.html.erb
 - app/views/devise/password_expired/show.html.erb
 - config/locales/de.yml
 - config/locales/en.yml
+- config/locales/it.yml
 - devise_security_extension.gemspec
 - lib/devise_security_extension.rb
 - lib/devise_security_extension/controllers/helpers.rb
 - lib/devise_security_extension/hooks/expirable.rb
+- lib/devise_security_extension/hooks/paranoid_verification.rb
 - lib/devise_security_extension/hooks/password_expirable.rb
 - lib/devise_security_extension/hooks/session_limitable.rb
 - lib/devise_security_extension/models/database_authenticatable_patch.rb
 - lib/devise_security_extension/models/expirable.rb
 - lib/devise_security_extension/models/old_password.rb
+- lib/devise_security_extension/models/paranoid_verification.rb
 - lib/devise_security_extension/models/password_archivable.rb
 - lib/devise_security_extension/models/password_expirable.rb
 - lib/devise_security_extension/models/secure_validatable.rb
-- lib/devise_security_extension/models/security_question.rb
 - lib/devise_security_extension/models/security_questionable.rb
 - lib/devise_security_extension/models/session_limitable.rb
 - lib/devise_security_extension/orm/active_record.rb
@@ -157,9 +192,15 @@ files:
 - lib/devise_security_extension/rails.rb
 - lib/devise_security_extension/routes.rb
 - lib/devise_security_extension/schema.rb
+- lib/devise_security_extension/version.rb
 - lib/generators/devise_security_extension/install_generator.rb
+- lib/generators/templates/devise_security_extension.rb
+- test/dummy/Rakefile
+- test/dummy/app/controllers/application_controller.rb
+- test/dummy/app/controllers/foos_controller.rb
 - test/dummy/app/models/.gitkeep
 - test/dummy/app/models/user.rb
+- test/dummy/app/views/foos/index.html.erb
 - test/dummy/config.ru
 - test/dummy/config/application.rb
 - test/dummy/config/boot.rb
@@ -167,11 +208,17 @@ files:
 - test/dummy/config/environment.rb
 - test/dummy/config/environments/test.rb
 - test/dummy/config/initializers/devise.rb
+- test/dummy/config/routes.rb
+- test/dummy/config/secrets.yml
 - test/dummy/db/migrate/20120508165529_create_tables.rb
-- test/helper.rb
-- test/test_devise_security_extension.rb
+- test/dummy/db/migrate/20150402165590_add_verification_columns.rb
+- test/dummy/db/migrate/20150407162345_add_verification_attempt_column.rb
+- test/test_helper.rb
+- test/test_install_generator.rb
+- test/test_paranoid_verification.rb
 - test/test_password_archivable.rb
-homepage: http://github.com/phatworx/devise_security_extension
+- test/test_password_expired_controller.rb
+homepage: https://github.com/phatworx/devise_security_extension
 licenses:
 - MIT
 metadata: {}
@@ -183,17 +230,40 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.9.3
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.2.2
+rubyforge_project: devise_security_extension
+rubygems_version: 2.4.2
 signing_key: 
 specification_version: 4
 summary: Security extension for devise
-test_files: []
+test_files:
+- test/dummy/Rakefile
+- test/dummy/app/controllers/application_controller.rb
+- test/dummy/app/controllers/foos_controller.rb
+- test/dummy/app/models/.gitkeep
+- test/dummy/app/models/user.rb
+- test/dummy/app/views/foos/index.html.erb
+- test/dummy/config.ru
+- test/dummy/config/application.rb
+- test/dummy/config/boot.rb
+- test/dummy/config/database.yml
+- test/dummy/config/environment.rb
+- test/dummy/config/environments/test.rb
+- test/dummy/config/initializers/devise.rb
+- test/dummy/config/routes.rb
+- test/dummy/config/secrets.yml
+- test/dummy/db/migrate/20120508165529_create_tables.rb
+- test/dummy/db/migrate/20150402165590_add_verification_columns.rb
+- test/dummy/db/migrate/20150407162345_add_verification_attempt_column.rb
+- test/test_helper.rb
+- test/test_install_generator.rb
+- test/test_paranoid_verification.rb
+- test/test_password_archivable.rb
+- test/test_password_expired_controller.rb
 has_rdoc: