devise_security_extension 0.9.2 → 0.10.0

Files changed (57) hide show
  1. checksums.yaml +4 -4
  2. data/.gitignore +39 -0
  3. data/.rubocop.yml +38 -0
  4. data/Gemfile +1 -5
  5. data/Gemfile.lock +144 -141
  6. data/README.md +37 -11
  7. data/Rakefile +13 -29
  8. data/app/controllers/devise/paranoid_verification_code_controller.rb +42 -0
  9. data/app/controllers/devise/password_expired_controller.rb +16 -7
  10. data/app/views/devise/paranoid_verification_code/show.html.erb +10 -0
  11. data/config/locales/de.yml +2 -0
  12. data/config/locales/en.yml +6 -4
  13. data/config/locales/it.yml +10 -0
  14. data/devise_security_extension.gemspec +24 -104
  15. data/lib/devise_security_extension.rb +18 -8
  16. data/lib/devise_security_extension/controllers/helpers.rb +39 -6
  17. data/lib/devise_security_extension/hooks/paranoid_verification.rb +5 -0
  18. data/lib/devise_security_extension/hooks/session_limitable.rb +1 -0
  19. data/lib/devise_security_extension/models/paranoid_verification.rb +35 -0
  20. data/lib/devise_security_extension/models/password_archivable.rb +3 -7
  21. data/lib/devise_security_extension/models/password_expirable.rb +9 -5
  22. data/lib/devise_security_extension/patches/confirmations_controller_captcha.rb +3 -1
  23. data/lib/devise_security_extension/patches/confirmations_controller_security_question.rb +3 -1
  24. data/lib/devise_security_extension/patches/passwords_controller_captcha.rb +3 -1
  25. data/lib/devise_security_extension/patches/passwords_controller_security_question.rb +3 -1
  26. data/lib/devise_security_extension/patches/registrations_controller_captcha.rb +5 -3
  27. data/lib/devise_security_extension/patches/sessions_controller_captcha.rb +5 -3
  28. data/lib/devise_security_extension/patches/unlocks_controller_captcha.rb +3 -1
  29. data/lib/devise_security_extension/patches/unlocks_controller_security_question.rb +3 -1
  30. data/lib/devise_security_extension/routes.rb +4 -0
  31. data/lib/devise_security_extension/version.rb +3 -0
  32. data/lib/generators/devise_security_extension/install_generator.rb +16 -33
  33. data/lib/generators/templates/devise_security_extension.rb +38 -0
  34. data/test/dummy/Rakefile +6 -0
  35. data/test/dummy/app/controllers/application_controller.rb +2 -0
  36. data/test/dummy/app/controllers/foos_controller.rb +0 -0
  37. data/test/dummy/app/models/user.rb +2 -1
  38. data/test/dummy/app/views/foos/index.html.erb +0 -0
  39. data/test/dummy/config/application.rb +4 -2
  40. data/test/dummy/config/boot.rb +1 -1
  41. data/test/dummy/config/environments/test.rb +4 -2
  42. data/test/dummy/config/initializers/devise.rb +4 -4
  43. data/test/dummy/config/routes.rb +6 -0
  44. data/test/dummy/config/secrets.yml +3 -0
  45. data/test/dummy/db/migrate/20120508165529_create_tables.rb +4 -4
  46. data/test/dummy/db/migrate/20150402165590_add_verification_columns.rb +11 -0
  47. data/test/dummy/db/migrate/20150407162345_add_verification_attempt_column.rb +9 -0
  48. data/test/test_helper.rb +10 -0
  49. data/test/test_install_generator.rb +16 -0
  50. data/test/test_paranoid_verification.rb +124 -0
  51. data/test/test_password_archivable.rb +35 -21
  52. data/test/test_password_expired_controller.rb +24 -0
  53. metadata +104 -34
  54. data/VERSION +0 -1
  55. data/lib/devise_security_extension/models/security_question.rb +0 -3
  56. data/test/helper.rb +0 -22
  57. data/test/test_devise_security_extension.rb +0 -6
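--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 00cd2d3e3598363842cdb94272e7320adcb521a2
- data.tar.gz: f55d02e76c5a2db00ddce48999d47dc301171d25
+ metadata.gz: 861a1fcbcd16044ea27b948eafcf016c545d1260
+ data.tar.gz: b0282b6fc0a9f73a511acb11c7f37bd2892f0f84
  SHA512:
- metadata.gz: ed3323e9e97510d049e382f3a4fd9b2e0973cf9bba70e2377b067e32b4e91ce72462b635a07271a5d24144370f699ab0b571af6774e231e60c863faea66bc893
- data.tar.gz: 9d5ad1d1afea884d3061e60650e346c5698f1a13b62a273167096e8a824dbeecb4d4a87ed24790015a7ab5050497011d2d2447e4e5866cb7af85645a0cbd552c
+ metadata.gz: c2b2c5cd49063826a3ea60490bb25d07632cb7c8adde652ec8a60f109e60a94ef9ac20e6a859fcc5567b087c6507f249e37bb739db7949cad85a9adb9be60048
+ data.tar.gz: f3ca889418be85fff8cd897de27de8f9555e2c21ca4527fe38cc62874a633ccff9110066e81edc0c3b6c6040b83792f6cb786f73a7020dfb939fe80ad847c4f6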
@@ -0,0 +1,39 @@
1
+ test/rails_app/log/*
2
+ test/rails_app/tmp/*
3
+ *~
4
+ coverage/*
5
+ *.sqlite3
6
+ .bundle
7
+ rdoc/*
8
+ pkg
9
+
10
+ # Have editor/IDE/OS specific files you need to ignore? Consider using a global gitignore:
11
+ #
12
+ # * Create a file at ~/.gitignore
13
+ # * Include files you want ignored
14
+ # * Run: git config --global core.excludesfile ~/.gitignore
15
+ #
16
+ # After doing this, these files will be ignored in all your git projects,
17
+ # saving you from having to 'pollute' every project you touch with them
18
+ #
19
+ # Not sure what to needs to be ignored for particular editors/OSes? Here's some ideas to get you started. (Remember, remove the leading # of the line)
20
+ #
21
+ # For MacOS:
22
+ #
23
+ #.DS_Store
24
+ #
25
+ # For TextMate
26
+ #*.tmproj
27
+ #tmtags
28
+ #
29
+ # For emacs:
30
+ #*~
31
+ #\#*
32
+ #.\#*
33
+ #
34
+ # For vim:
35
+ #*.swp
36
+
37
+ log
38
+ test/tmp/*
39
+ *.gem
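Review bot: The first two patterns, `test/rails_app/log/*` and `test/rails_app/tmp/*`, do not match the test application in this release, which the file list places under `test/dummy/`. The bare `log` entry near the end still covers that app's log directory, but a `test/dummy/tmp/` directory, if one is created during test runs, would not be ignored. Replacing the two `rails_app` lines with `test/dummy/log/*` and `test/dummy/tmp/*` would bring the ignore list in line with the tree.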
@@ -0,0 +1,38 @@
1
+ AllCops:
2
+ Include:
3
+ - '**/Rakefile'
4
+ - '**/config.ru'
5
+ - 'lib/tasks/**/*'
6
+ Exclude:
7
+ - Gemfile*
8
+ - 'db/**/*'
9
+ - 'config/**/*'
10
+ - 'bin/**/*'
11
+ - 'vendor/bundle/**/*'
12
+ - 'spec/support/**/*' # rspec support helpers have a strange api
13
+ RunRailsCops: true
14
+
15
+ # We don't care about method length, since we check method cyclomatic
16
+ # complexity.
17
+ Metrics/MethodLength:
18
+ Enabled: false
19
+
20
+ # Trailing commas make for clearer diffs because the last line won't appear
21
+ # to have been changed, as it would if it lacked a comma and had one added.
22
+ Style/TrailingComma:
23
+ EnforcedStyleForMultiline: comma
24
+
25
+ # Cop supports --auto-correct.
26
+ # Configuration parameters: PreferredDelimiters.
27
+ Style/PercentLiteralDelimiters:
28
+ PreferredDelimiters:
29
+ # Using `[]` for string arrays instead of `()`, since normal arrays are
30
+ # indicated with `[]` not `()`.
31
+ '%w': '[]'
32
+ '%W': '[]'
33
+
34
+ Style/AndOr:
35
+ # Whether `and` and `or` are banned only in conditionals (conditionals)
36
+ # or completely (always).
37
+ # They read better, more like normal English.
38
+ Enabled: false
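Review bot: The final stanza switches `Style/AndOr` off entirely, although the comment above it describes choosing between the `conditionals` and `always` styles; with `Enabled: false` neither is enforced. `and`/`or` bind more loosely than `&&`/`||`, and in an authentication extension a condition that parses differently from how it reads is worth catching in lint. If the aim is to permit them for flow control only, `Enabled: true` with `EnforcedStyle: conditionals` keeps the check on `if`/`unless`/`while` conditions. The reason for the chosen setting should be stated in the comment either way, since "They read better" does not say why the cop is disabled rather than relaxed.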
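--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,6 +1,2 @@
- source "http://rubygems.org"
+ source "https://rubygems.org"
  gemspec
- # Add dependencies required to use your gem here.
- # Example:
- gem "rails", ">= 3.1.1"
- gem "devise", ">= 2.0.0"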
@@ -1,52 +1,63 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- devise_security_extension (0.8.4)
5
- devise (>= 2.0.0)
6
- rails (>= 3.1.1)
4
+ devise_security_extension (0.10.0)
5
+ devise (>= 3.0.0, < 4.0)
6
+ railties (>= 3.2.6, < 5.0)
7
7
 
8
8
  GEM
9
- remote: http://rubygems.org/
9
+ remote: https://rubygems.org/
10
10
  specs:
11
- actionmailer (4.0.2)
12
- actionpack (= 4.0.2)
13
- mail (~> 2.5.4)
14
- actionpack (4.0.2)
15
- activesupport (= 4.0.2)
16
- builder (~> 3.1.0)
17
- erubis (~> 2.7.0)
18
- rack (~> 1.5.2)
11
+ actionmailer (4.2.5.1)
12
+ actionpack (= 4.2.5.1)
13
+ actionview (= 4.2.5.1)
14
+ activejob (= 4.2.5.1)
15
+ mail (~> 2.5, >= 2.5.4)
16
+ rails-dom-testing (~> 1.0, >= 1.0.5)
17
+ actionpack (4.2.5.1)
18
+ actionview (= 4.2.5.1)
19
+ activesupport (= 4.2.5.1)
20
+ rack (~> 1.6)
19
21
  rack-test (~> 0.6.2)
20
- activemodel (4.0.2)
21
- activesupport (= 4.0.2)
22
- builder (~> 3.1.0)
23
- activerecord (4.0.2)
24
- activemodel (= 4.0.2)
25
- activerecord-deprecated_finders (~> 1.0.2)
26
- activesupport (= 4.0.2)
27
- arel (~> 4.0.0)
28
- activerecord-deprecated_finders (1.0.3)
29
- activesupport (4.0.2)
30
- i18n (~> 0.6, >= 0.6.4)
31
- minitest (~> 4.2)
32
- multi_json (~> 1.3)
33
- thread_safe (~> 0.1)
34
- tzinfo (~> 0.3.37)
35
- addressable (2.3.5)
36
- arel (4.0.1)
37
- atomic (1.1.14)
38
- bcrypt-ruby (3.1.2)
39
- builder (3.1.4)
40
- descendants_tracker (0.0.3)
41
- devise (3.2.2)
42
- bcrypt-ruby (~> 3.0)
22
+ rails-dom-testing (~> 1.0, >= 1.0.5)
23
+ rails-html-sanitizer (~> 1.0, >= 1.0.2)
24
+ actionview (4.2.5.1)
25
+ activesupport (= 4.2.5.1)
26
+ builder (~> 3.1)
27
+ erubis (~> 2.7.0)
28
+ rails-dom-testing (~> 1.0, >= 1.0.5)
29
+ rails-html-sanitizer (~> 1.0, >= 1.0.2)
30
+ activejob (4.2.5.1)
31
+ activesupport (= 4.2.5.1)
32
+ globalid (>= 0.3.0)
33
+ activemodel (4.2.5.1)
34
+ activesupport (= 4.2.5.1)
35
+ builder (~> 3.1)
36
+ activerecord (4.2.5.1)
37
+ activemodel (= 4.2.5.1)
38
+ activesupport (= 4.2.5.1)
39
+ arel (~> 6.0)
40
+ activesupport (4.2.5.1)
41
+ i18n (~> 0.7)
42
+ json (~> 1.7, >= 1.7.7)
43
+ minitest (~> 5.1)
44
+ thread_safe (~> 0.3, >= 0.3.4)
45
+ tzinfo (~> 1.1)
46
+ arel (6.0.3)
47
+ ast (2.2.0)
48
+ bcrypt (3.1.10)
49
+ builder (3.2.2)
50
+ concurrent-ruby (1.0.0)
51
+ devise (3.5.6)
52
+ bcrypt (~> 3.0)
43
53
  orm_adapter (~> 0.1)
44
54
  railties (>= 3.2.6, < 5)
55
+ responders
45
56
  thread_safe (~> 0.1)
46
57
  warden (~> 1.2.3)
47
58
  diff-lcs (1.2.5)
48
- docile (1.1.2)
49
- easy_captcha (0.6.4)
59
+ docile (1.1.5)
60
+ easy_captcha (0.6.5)
50
61
  bundler (>= 1.1.0)
51
62
  rails (>= 3.0.0)
52
63
  rmagick (>= 2.13.1)
@@ -54,122 +65,114 @@ GEM
54
65
  simplecov (>= 0.3.8)
55
66
  yard (>= 0.7.0)
56
67
  erubis (2.7.0)
57
- faraday (0.9.0)
58
- multipart-post (>= 1.2, < 3)
59
- git (1.2.6)
60
- github_api (0.11.1)
61
- addressable (~> 2.3)
62
- descendants_tracker (~> 0.0.1)
63
- faraday (~> 0.8, < 0.10)
64
- hashie (>= 1.2)
65
- multi_json (>= 1.7.5, < 2.0)
66
- nokogiri (~> 1.6.0)
67
- oauth2
68
- hashie (2.0.5)
69
- highline (1.6.20)
70
- hike (1.2.3)
71
- i18n (0.6.9)
72
- jeweler (2.0.1)
73
- builder
74
- bundler (>= 1.0)
75
- git (>= 1.2.5)
76
- github_api
77
- highline (>= 1.6.15)
78
- nokogiri (>= 1.5.10)
79
- rake
80
- rdoc
81
- json (1.8.1)
82
- jwt (0.1.11)
83
- multi_json (>= 1.5)
84
- mail (2.5.4)
85
- mime-types (~> 1.16)
86
- treetop (~> 1.4.8)
87
- mime-types (1.25.1)
88
- mini_portile (0.5.2)
89
- minitest (4.7.5)
90
- multi_json (1.8.4)
91
- multi_xml (0.5.5)
92
- multipart-post (2.0.0)
93
- nokogiri (1.6.1)
94
- mini_portile (~> 0.5.0)
95
- oauth2 (0.9.3)
96
- faraday (>= 0.8, < 0.10)
97
- jwt (~> 0.1.8)
98
- multi_json (~> 1.3)
99
- multi_xml (~> 0.5)
100
- rack (~> 1.2)
68
+ globalid (0.3.6)
69
+ activesupport (>= 4.1.0)
70
+ i18n (0.7.0)
71
+ json (1.8.3)
72
+ loofah (2.0.3)
73
+ nokogiri (>= 1.5.9)
74
+ mail (2.6.3)
75
+ mime-types (>= 1.16, < 3)
76
+ mime-types (2.99.1)
77
+ mini_portile2 (2.0.0)
78
+ minitest (5.8.4)
79
+ nokogiri (1.6.7.2)
80
+ mini_portile2 (~> 2.0.0.rc2)
101
81
  orm_adapter (0.5.0)
102
- polyglot (0.3.3)
103
- rack (1.5.2)
104
- rack-test (0.6.2)
82
+ parser (2.3.0.6)
83
+ ast (~> 2.2)
84
+ powerpack (0.1.1)
85
+ rack (1.6.4)
86
+ rack-test (0.6.3)
105
87
  rack (>= 1.0)
106
- rails (4.0.2)
107
- actionmailer (= 4.0.2)
108
- actionpack (= 4.0.2)
109
- activerecord (= 4.0.2)
110
- activesupport (= 4.0.2)
88
+ rails (4.2.5.1)
89
+ actionmailer (= 4.2.5.1)
90
+ actionpack (= 4.2.5.1)
91
+ actionview (= 4.2.5.1)
92
+ activejob (= 4.2.5.1)
93
+ activemodel (= 4.2.5.1)
94
+ activerecord (= 4.2.5.1)
95
+ activesupport (= 4.2.5.1)
111
96
  bundler (>= 1.3.0, < 2.0)
112
- railties (= 4.0.2)
113
- sprockets-rails (~> 2.0.0)
97
+ railties (= 4.2.5.1)
98
+ sprockets-rails
99
+ rails-deprecated_sanitizer (1.0.3)
100
+ activesupport (>= 4.2.0.alpha)
101
+ rails-dom-testing (1.0.7)
102
+ activesupport (>= 4.2.0.beta, < 5.0)
103
+ nokogiri (~> 1.6.0)
104
+ rails-deprecated_sanitizer (>= 1.0.1)
105
+ rails-html-sanitizer (1.0.3)
106
+ loofah (~> 2.0)
114
107
  rails_email_validator (0.1.4)
115
108
  activemodel (>= 3.0.0)
116
- railties (4.0.2)
117
- actionpack (= 4.0.2)
118
- activesupport (= 4.0.2)
109
+ railties (4.2.5.1)
110
+ actionpack (= 4.2.5.1)
111
+ activesupport (= 4.2.5.1)
119
112
  rake (>= 0.8.7)
120
113
  thor (>= 0.18.1, < 2.0)
121
- rake (10.1.1)
122
- rdoc (4.1.1)
123
- json (~> 1.4)
124
- rmagick (2.13.2)
125
- rspec-core (2.14.7)
126
- rspec-expectations (2.14.4)
127
- diff-lcs (>= 1.1.3, < 2.0)
128
- rspec-mocks (2.14.4)
129
- rspec-rails (2.14.1)
130
- actionpack (>= 3.0)
131
- activemodel (>= 3.0)
132
- activesupport (>= 3.0)
133
- railties (>= 3.0)
134
- rspec-core (~> 2.14.0)
135
- rspec-expectations (~> 2.14.0)
136
- rspec-mocks (~> 2.14.0)
137
- simplecov (0.8.2)
114
+ rainbow (2.1.0)
115
+ rake (10.5.0)
116
+ responders (2.1.1)
117
+ railties (>= 4.2.0, < 5.1)
118
+ rmagick (2.15.4)
119
+ rspec-core (3.4.3)
120
+ rspec-support (~> 3.4.0)
121
+ rspec-expectations (3.4.0)
122
+ diff-lcs (>= 1.2.0, < 2.0)
123
+ rspec-support (~> 3.4.0)
124
+ rspec-mocks (3.4.1)
125
+ diff-lcs (>= 1.2.0, < 2.0)
126
+ rspec-support (~> 3.4.0)
127
+ rspec-rails (3.4.2)
128
+ actionpack (>= 3.0, < 4.3)
129
+ activesupport (>= 3.0, < 4.3)
130
+ railties (>= 3.0, < 4.3)
131
+ rspec-core (~> 3.4.0)
132
+ rspec-expectations (~> 3.4.0)
133
+ rspec-mocks (~> 3.4.0)
134
+ rspec-support (~> 3.4.0)
135
+ rspec-support (3.4.1)
136
+ rubocop (0.37.2)
137
+ parser (>= 2.3.0.4, < 3.0)
138
+ powerpack (~> 0.1)
139
+ rainbow (>= 1.99.1, < 3.0)
140
+ ruby-progressbar (~> 1.7)
141
+ unicode-display_width (~> 0.3)
142
+ ruby-progressbar (1.7.5)
143
+ simplecov (0.11.2)
138
144
  docile (~> 1.1.0)
139
- multi_json
140
- simplecov-html (~> 0.8.0)
141
- simplecov-html (0.8.0)
142
- sprockets (2.10.1)
143
- hike (~> 1.2)
144
- multi_json (~> 1.0)
145
- rack (~> 1.0)
146
- tilt (~> 1.1, != 1.3.0)
147
- sprockets-rails (2.0.1)
148
- actionpack (>= 3.0)
149
- activesupport (>= 3.0)
150
- sprockets (~> 2.8)
151
- sqlite3 (1.3.9)
152
- thor (0.18.1)
153
- thread_safe (0.1.3)
154
- atomic
155
- tilt (1.4.1)
156
- treetop (1.4.15)
157
- polyglot
158
- polyglot (>= 0.3.1)
159
- tzinfo (0.3.38)
160
- warden (1.2.3)
145
+ json (~> 1.8)
146
+ simplecov-html (~> 0.10.0)
147
+ simplecov-html (0.10.0)
148
+ sprockets (3.5.2)
149
+ concurrent-ruby (~> 1.0)
150
+ rack (> 1, < 3)
151
+ sprockets-rails (3.0.3)
152
+ actionpack (>= 4.0)
153
+ activesupport (>= 4.0)
154
+ sprockets (>= 3.0.0)
155
+ sqlite3 (1.3.11)
156
+ thor (0.19.1)
157
+ thread_safe (0.3.5)
158
+ tzinfo (1.2.2)
159
+ thread_safe (~> 0.1)
160
+ unicode-display_width (0.3.1)
161
+ warden (1.2.6)
161
162
  rack (>= 1.0)
162
- yard (0.8.7.3)
163
+ yard (0.8.7.6)
163
164
 
164
165
  PLATFORMS
165
166
  ruby
166
167
 
167
168
  DEPENDENCIES
168
- bundler (>= 1.0.0)
169
- devise (>= 2.0.0)
169
+ bundler (>= 1.3.0, < 2.0)
170
170
  devise_security_extension!
171
- easy_captcha
172
- jeweler (~> 2.0.1)
173
- rails (>= 3.1.1)
174
- rails_email_validator
175
- sqlite3
171
+ easy_captcha (~> 0)
172
+ minitest
173
+ rails_email_validator (~> 0)
174
+ rubocop (~> 0)
175
+ sqlite3 (~> 1.3.10)
176
+
177
+ BUNDLED WITH
178
+ 1.11.2
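--- a/data/README.md
+++ b/data/README.md
@@ -2,7 +2,7 @@
 
  An enterprise security extension for [Devise](https://github.com/plataformatec/devise), trying to meet industrial standard security demands for web applications.
 
- It is composed of 6 addtional Devise modules:
+ It is composed of 7 additional Devise modules:
 
  * `:password_expirable` - passwords will expire after a configured time (and will need an update)
  * `:secure_validatable` - better way to validate a model (email, stronger password validation). Don't use with Devise `:validatable` module!
@@ -10,6 +10,7 @@ It is composed of 6 addtional Devise modules:
  * `:session_limitable` - ensures, that there is only one session usable per account at once
  * `:expirable` - expires a user account after x days of inactivity (default 90 days)
  * `:security_questionable` - as accessible substitution for captchas (security question with captcha fallback)
+ * `:paranoid_verification` - admin can generate verification code that user needs to fill in otherwise he wont be able to use the application.
 
  Configuration and database schema for each module below.
 
@@ -33,7 +34,8 @@ After you installed Devise Security Extension you need to run the generator:
  rails generate devise_security_extension:install
  ```
 
- The generator will inject the available configuration options into the **existing** Devise initializer and you MUST take a look at it (and all the Devise configuration as well). When you are done, you are ready to add Devise Security Extension modules on top of Devise modules to any of your Devise models:
+ The generator adds optional configurations to `config/initializers/devise.rb`. Enable
+ the modules you wish to use in the initializer you are ready to add Devise Security Extension modules on top of Devise modules to any of your Devise models:
 
  ```ruby
  devise :password_expirable, :secure_validatable, :password_archivable, :session_limitable, :expirable
@@ -58,7 +60,7 @@ Devise.setup do |config|
  # Need 1 char of A-Z, a-z and 0-9
  # config.password_regex = /(?=.*\d)(?=.*[a-z])(?=.*[A-Z])/
 
- # How often save old passwords in archive
+ # Number of old passwords in archive
  # config.password_archiving_count = 5
 
  # Deny old password (true, false, count)
@@ -99,7 +101,7 @@ The captcha support depends on [EasyCaptcha](https://github.com/phatworx/easy_ca
 
  ### Installation
 
- 1. Add EasyCaptcha to your `Gemfile` with
+ 1. Add EasyCaptcha to your `Gemfile` with
  ```ruby
  gem 'easy_captcha'
  ```
@@ -130,7 +132,6 @@ add_index :the_resources, :password_changed_at
  ```ruby
  create_table :old_passwords do |t|
  t.string :encrypted_password, :null => false
- t.string :password_salt
  t.string :password_archivable_type, :null => false
  t.integer :password_archivable_id, :null => false
  t.datetime :created_at
@@ -159,7 +160,31 @@ add_index :the_resources, :last_activity_at
  add_index :the_resources, :expired_at
  ```
 
+ ### Paranoid verifiable
+ ```ruby
+ create_table :the_resources do |t|
+ # other devise fields
+
+ t.string :paranoid_verification_code
+ t.integer :paranoid_verification_attempt, default: 0
+ t.datetime :paranoid_verified_at
+ end
+ add_index :the_resources, :paranoid_verification_code
+ add_index :the_resources, :paranoid_verified_at
+ ```
+
+ [Documentation for Paranoid Verifiable module]( https://github.com/phatworx/devise_security_extension/wiki/Paranoid-Verification)
+
  ### Security questionable
+
+ ```ruby
+ # app/models/security_question.rb
+ class SecurityQuestion < ActiveRecord::Base
+ validates :locale, presence: true
+ validates :name, presence: true, uniqueness: true
+ end
+ ```
+
  ```ruby
  create_table :security_questions do |t|
  t.string :locale, :null => false
@@ -196,7 +221,7 @@ end
 
  * Devise (https://github.com/plataformatec/devise)
  * Rails 3.2 onwards (http://github.com/rails/rails)
- * recommendations:
+ * recommendations:
  * `autocomplete-off` (http://github.com/phatworx/autocomplete-off)
  * `easy_captcha` (http://github.com/phatworx/easy_captcha)
  * `rails_email_validator` (http://github.com/phatworx/rails_email_validator)
@@ -218,10 +243,11 @@ end
 
  ## Maintainers
 
- * Team Phatworx (http://github.com/phatworx)
- * Alexander Dreher (http://github.com/alexdreher)
- * Christoph Chilian (http://github.com/cc-web)
- * Marco Scholl (http://github.com/traxanos)
+ * Team Phatworx (https://github.com/phatworx)
+ * Alexander Dreher (https://github.com/alexdreher)
+ * Christoph Chilian (https://github.com/cc-web)
+ * Marco Scholl (https://github.com/traxanos)
+ * Thomas Powell (https://github.com/stringsn88keys)
 
  ## Contributing to devise_security_extension
 
@@ -235,4 +261,4 @@ end
 
  ## Copyright
 
- Copyright (c) 2011-2012 Marco Scholl. See LICENSE.txt for further details.
+ Copyright (c) 2011-2015 Marco Scholl. See LICENSE.txt for further details.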