devise_security_extension 0.1.0 → 0.2.0

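--- a/data/Gemfile
+++ b/data/Gemfile
@@ -3,6 +3,7 @@ source "http://rubygems.org"
  # Example:
  gem "rails"
  gem "devise"
+ gem "rails_email_validator"
 
  # Add dependencies to develop your gem here.
  # Include everything needed to run rake, tests, features, etc.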
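Review bot: The added `gem "rails_email_validator"` line carries no version constraint, and the gemspec and metadata hunks later on this page declare the same gem as a runtime dependency with `">= 0"`, so every application installing this extension resolves whatever release of the validator is newest at install time. The lockfile on this page resolves it to 0.1.1, so a bounded requirement such as `gem "rails_email_validator", "~> 0.1.1"` would keep an unreviewed release out of the sign-up and authentication path; the gemspec looks generated, so the Gemfile is presumably the place to set it. The hunk header also shows the source as `http://rubygems.org`, which fetches gems over plain HTTP; an `https://` source is worth confirming.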
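--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -62,6 +62,9 @@ GEM
  activesupport (= 3.0.3)
  bundler (~> 1.0)
  railties (= 3.0.3)
+ rails_email_validator (0.1.1)
+ activemodel (>= 3.0.0)
+ activemodel (>= 3.0.0)
  railties (3.0.3)
  actionpack (= 3.0.3)
  activesupport (= 3.0.3)
@@ -84,4 +87,5 @@ DEPENDENCIES
  devise
  jeweler (~> 1.5.2)
  rails
+ rails_email_validator
  rcov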
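--- a/data/README.rdoc
+++ b/data/README.rdoc
@@ -12,10 +12,18 @@ after bundle execute
  == Configuration
 
  Devise.setup do |config|
- # Should the password expire (e.g 3.months)
- # config.expire_password_after = false
+ # Should the password expire
+ # config.expire_password_after = 3.months
+
+ # Need 1 char of A-Z, a-z and 0-9
+ # config.password_regex = /(?=.*\d)(?=.*[a-z])(?=.*[A-Z])/
  end
 
+ == Model modules
+
+ * :password_expirable - activate that passwords will expire
+ * :secure_validatable - better way to validate model. don't use with :validatable!!!
+
  == Requirements
 
  * devise (https://github.com/plataformatec/devise)
@@ -24,10 +32,10 @@ after bundle execute
  == Features
 
  * expire passwords (update password with current password)
+ * strong password validation
 
  == Todo
 
- * password rules
  * easy_captcha for registration
  * easy_captcha for password forgotten
  * easy_captcha for unlock instructions
@@ -35,6 +43,7 @@ after bundle execute
 
  == History
  * 0.1 expire passwords
+ * 0.2 strong password validation
 
  == Maintainers
 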
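--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 0.1.0
+ 0.2.0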
@@ -5,11 +5,11 @@
5
5
 
6
6
  Gem::Specification.new do |s|
7
7
  s.name = %q{devise_security_extension}
8
- s.version = "0.1.0"
8
+ s.version = "0.2.0"
9
9
 
10
10
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
11
11
  s.authors = ["Marco Scholl"]
12
- s.date = %q{2011-01-31}
12
+ s.date = %q{2011-02-01}
13
13
  s.description = %q{a gem for extend devise for more password security}
14
14
  s.email = %q{develop@marco-scholl.de}
15
15
  s.extra_rdoc_files = [
@@ -33,6 +33,7 @@ Gem::Specification.new do |s|
33
33
  "lib/devise_security_extension/controllers/helpers.rb",
34
34
  "lib/devise_security_extension/hooks/password_expirable.rb",
35
35
  "lib/devise_security_extension/models/password_expirable.rb",
36
+ "lib/devise_security_extension/models/secure_validatable.rb",
36
37
  "lib/devise_security_extension/rails.rb",
37
38
  "lib/devise_security_extension/routes.rb",
38
39
  "lib/devise_security_extension/schema.rb",
@@ -57,12 +58,14 @@ Gem::Specification.new do |s|
57
58
  if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
58
59
  s.add_runtime_dependency(%q<rails>, [">= 0"])
59
60
  s.add_runtime_dependency(%q<devise>, [">= 0"])
61
+ s.add_runtime_dependency(%q<rails_email_validator>, [">= 0"])
60
62
  s.add_development_dependency(%q<bundler>, ["~> 1.0.0"])
61
63
  s.add_development_dependency(%q<jeweler>, ["~> 1.5.2"])
62
64
  s.add_development_dependency(%q<rcov>, [">= 0"])
63
65
  else
64
66
  s.add_dependency(%q<rails>, [">= 0"])
65
67
  s.add_dependency(%q<devise>, [">= 0"])
68
+ s.add_dependency(%q<rails_email_validator>, [">= 0"])
66
69
  s.add_dependency(%q<bundler>, ["~> 1.0.0"])
67
70
  s.add_dependency(%q<jeweler>, ["~> 1.5.2"])
68
71
  s.add_dependency(%q<rcov>, [">= 0"])
@@ -70,6 +73,7 @@ Gem::Specification.new do |s|
70
73
  else
71
74
  s.add_dependency(%q<rails>, [">= 0"])
72
75
  s.add_dependency(%q<devise>, [">= 0"])
76
+ s.add_dependency(%q<rails_email_validator>, [">= 0"])
73
77
  s.add_dependency(%q<bundler>, ["~> 1.0.0"])
74
78
  s.add_dependency(%q<jeweler>, ["~> 1.5.2"])
75
79
  s.add_dependency(%q<rcov>, [">= 0"])
@@ -10,7 +10,11 @@ module Devise # :nodoc:
10
10
 
11
11
  # expire password after e.g 1.year
12
12
  mattr_accessor :expire_password_after
13
- @@expire_password_after = false
13
+ @@expire_password_after = 3.months
14
+
15
+ # validate password for strongness
16
+ mattr_accessor :password_regex
17
+ @@password_regex = /(?=.*\d)(?=.*[a-z])(?=.*[A-Z])/
14
18
 
15
19
  end
16
20
 
@@ -20,3 +24,4 @@ module DeviseSecurityExtension
20
24
  end
21
25
 
22
26
  Devise.add_module :password_expirable, :controller => :password_expirable, :model => 'devise_security_extension/models/password_expirable', :route => :password_expired
27
+ Devise.add_module :secure_validatable, :model => 'devise_security_extension/models/secure_validatable'
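Review bot: Changing `@@expire_password_after` from `false` to `3.months` turns password expiry on by default, yet the comment directly above still reads `e.g 1.year` and the installer template changed later on this page still injects `# config.expire_password_after = false` as the documented default. An application that includes `:password_expirable` and never set the option would presumably start forcing password changes after upgrading, so the new default deserves an entry in the README History and a matching template string, `# config.expire_password_after = 3.months`. The comment for the new setting could also state the rule it enforces, e.g. `# password must contain at least one digit, one lowercase and one uppercase letter`. The `module Devise` body starts outside this hunk.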
@@ -0,0 +1,55 @@
1
+ module Devise
2
+ module Models
3
+ # SecureValidatable creates better validations with more validation for security
4
+ #
5
+ # == Options
6
+ #
7
+ # SecureValidatable adds the following options to devise_for:
8
+ #
9
+ # * +email_regexp+: the regular expression used to validate e-mails;
10
+ # * +password_length+: a range expressing password length. Defaults from devise
11
+ # * +password_regex+: need strong password. Defaults to /(?=.*\d)(?=.*[a-z])(?=.*[A-Z])/
12
+ #
13
+ module SecureValidatable
14
+
15
+ def self.included(base)
16
+ base.extend ClassMethods
17
+ assert_secure_validations_api!(base)
18
+
19
+ base.class_eval do
20
+
21
+ # uniq login
22
+ validates authentication_keys[0], :uniqueness => {:scope => authentication_keys[1..-1]}#, :case_sensitive => case_insensitive_keys.exclude?(authentication_keys[0])
23
+
24
+ # validates email
25
+ validates :email, :presence => true, :if => :email_required?
26
+ validates :email, :email => true # use rails_email_validator
27
+
28
+ # validates password
29
+ validates :password, :presence => true, :length => password_length, :format => password_regex, :confirmation => true, :if => :password_required?
30
+ end
31
+ end
32
+
33
+ def self.assert_secure_validations_api!(base) #:nodoc:
34
+ raise "Could not use SecureValidatable on #{base}" unless base.respond_to?(:validates)
35
+ end
36
+
37
+ protected
38
+
39
+ # Checks whether a password is needed or not. For validations only.
40
+ # Passwords are always required if it's a new record, or if the password
41
+ # or confirmation are being set somewhere.
42
+ def password_required?
43
+ !persisted? || !password.nil? || !password_confirmation.nil?
44
+ end
45
+
46
+ def email_required?
47
+ true
48
+ end
49
+
50
+ module ClassMethods
51
+ Devise::Models.config(self, :password_regex, :password_length)
52
+ end
53
+ end
54
+ end
55
+ end
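Review bot: The uniqueness check on line 22 of the new file runs with Rails' default case-sensitive comparison because the `:case_sensitive` option is commented out, so two accounts whose login differs only in letter case can pass validation unless the database collation happens to reject them. In the commented form the option sits outside the `:uniqueness` hash, where `validates` would presumably read it as a validator name; it belongs inside the hash, e.g. `validates authentication_keys[0], :uniqueness => {:scope => authentication_keys[1..-1], :case_sensitive => false}` when the first key is an e-mail address. `validates :email, :email => true` on line 26 also runs without `:if => :email_required?`, unlike the presence check above it, which is worth aligning. A unique index in the database is still needed, since a model validation alone cannot close the race between two concurrent sign-ups.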
@@ -7,7 +7,10 @@ module DeviseSecurityExtension
7
7
  desc "Install the devise security extension"
8
8
 
9
9
  def add_configs
10
- inject_into_file "config/initializers/devise.rb", "\n\n # ==> Security Extension\n # Configure security extension for devise\n\n # Should the password expire (e.g 3.months)\n # config.expire_password_after = false\n\n", :before => /end[ |\n|]+\Z/
10
+ inject_into_file "config/initializers/devise.rb", "\n\n # ==> Security Extension\n # Configure security extension for devise\n\n" +
11
+ " # Should the password expire (e.g 3.months)\n # config.expire_password_after = false\n" +
12
+ " # Need 1 char of A-Z, a-z and 0-9\n # config.password_regex = /(?=.*\\d)(?=.*[a-z])(?=.*[A-Z])/\n" +
13
+ "\n", :before => /end[ |\n|]+\Z/
11
14
  end
12
15
 
13
16
  def copy_locale
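--- a/metadata
+++ b/metadata
@@ -4,9 +4,9 @@ version: !ruby/object:Gem::Version
  prerelease: false
  segments:
  - 0
- - 1
+ - 2
  - 0
- version: 0.1.0
+ version: 0.2.0
  platform: ruby
  authors:
  - Marco Scholl
@@ -14,7 +14,7 @@ autorequire:
  bindir: bin
  cert_chain: []
 
- date: 2011-01-31 00:00:00 +01:00
+ date: 2011-02-01 00:00:00 +01:00
  default_executable:
  dependencies:
  - !ruby/object:Gem::Dependency
@@ -44,8 +44,21 @@ dependencies:
  prerelease: false
  version_requirements: *id002
  - !ruby/object:Gem::Dependency
- name: bundler
+ name: rails_email_validator
  requirement: &id003 !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ segments:
+ - 0
+ version: "0"
+ type: :runtime
+ prerelease: false
+ version_requirements: *id003
+ - !ruby/object:Gem::Dependency
+ name: bundler
+ requirement: &id004 !ruby/object:Gem::Requirement
  none: false
  requirements:
  - - ~>
@@ -57,10 +70,10 @@ dependencies:
  version: 1.0.0
  type: :development
  prerelease: false
- version_requirements: *id003
+ version_requirements: *id004
  - !ruby/object:Gem::Dependency
  name: jeweler
- requirement: &id004 !ruby/object:Gem::Requirement
+ requirement: &id005 !ruby/object:Gem::Requirement
  none: false
  requirements:
  - - ~>
@@ -72,10 +85,10 @@ dependencies:
  version: 1.5.2
  type: :development
  prerelease: false
- version_requirements: *id004
+ version_requirements: *id005
  - !ruby/object:Gem::Dependency
  name: rcov
- requirement: &id005 !ruby/object:Gem::Requirement
+ requirement: &id006 !ruby/object:Gem::Requirement
  none: false
  requirements:
  - - ">="
@@ -85,7 +98,7 @@ dependencies:
  version: "0"
  type: :development
  prerelease: false
- version_requirements: *id005
+ version_requirements: *id006
  description: a gem for extend devise for more password security
  email: develop@marco-scholl.de
  executables: []
@@ -112,6 +125,7 @@ files:
  - lib/devise_security_extension/controllers/helpers.rb
  - lib/devise_security_extension/hooks/password_expirable.rb
  - lib/devise_security_extension/models/password_expirable.rb
+ - lib/devise_security_extension/models/secure_validatable.rb
  - lib/devise_security_extension/rails.rb
  - lib/devise_security_extension/routes.rb
  - lib/devise_security_extension/schema.rb
@@ -132,7 +146,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- hash: 3532175990553077458
+ hash: -2724377088242008292
  segments:
  - 0
  version: "0"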