devise_security_extension 0.2.1 → 0.3.0

data/README.rdoc

@@ -23,10 +23,22 @@ after bundle execute
 
  * :password_expirable - activate that passwords will expire
  * :secure_validatable - better way to validate model. don't use with :validatable!!!
+ * :password_archivable - save password in old_passwords for history checks
 
 == Schema
 
- * t.password_expirable
+=== Password expirable
+
+  create_table :the_resources do |t|
+    t.password_expirable
+  end
+
+=== Password archive
+
+  create_table :old_passwords do
+    t.password_archivable
+  end
+  add_index :old_passwords, [:password_archivable_type, :password_archivable_id], :name => :index_password_archivable
 
 == Requirements
 
@@ -37,6 +49,7 @@ after bundle execute
 
  * expire passwords (update password with current password)
  * strong password validation
+ * save old passwords for check new passwords
 
 == Todo
 
@@ -48,6 +61,7 @@ after bundle execute
 == History
  * 0.1 expire passwords
  * 0.2 strong password validation
+ * 0.3 password archivable with validation
 
 == Maintainers
 

data/VERSION

@@ -1 +1 @@
-0.2.1
+0.3.0

data/devise_security_extension.gemspec

@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
   s.name = %q{devise_security_extension}
-  s.version = "0.2.1"
+  s.version = "0.3.0"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Marco Scholl"]
-  s.date = %q{2011-02-03}
+  s.date = %q{2011-02-13}
   s.description = %q{a gem for extend devise for more password security}
   s.email = %q{develop@marco-scholl.de}
   s.extra_rdoc_files = [
@@ -32,6 +32,8 @@ Gem::Specification.new do |s|
     "lib/devise_security_extension.rb",
     "lib/devise_security_extension/controllers/helpers.rb",
     "lib/devise_security_extension/hooks/password_expirable.rb",
+    "lib/devise_security_extension/models/old_password.rb",
+    "lib/devise_security_extension/models/password_archivable.rb",
     "lib/devise_security_extension/models/password_expirable.rb",
     "lib/devise_security_extension/models/secure_validatable.rb",
     "lib/devise_security_extension/orm/active_record.rb",

data/lib/devise_security_extension.rb

@@ -1,6 +1,8 @@
 #require 'rails/all'
 require 'active_record/connection_adapters/abstract/schema_definitions'
 require 'active_support/core_ext/integer'
+require 'active_support/ordered_hash'
+require 'active_support/concern'
 require 'devise'
 
 module Devise # :nodoc:
@@ -13,6 +15,13 @@ module Devise # :nodoc:
   mattr_accessor :password_regex
   @@password_regex = /(?=.*\d)(?=.*[a-z])(?=.*[A-Z])/
 
+  # write history of last x passwords
+  mattr_accessor :password_archiving_count
+  @@password_archiving_count = 5
+
+  # deny old password (true, false, integer)
+  mattr_accessor :deny_old_passwords
+  @@deny_old_passwords = true
 end
 
 # an security extension for devise
@@ -26,7 +35,9 @@ end
 
 Devise.add_module :password_expirable, :controller => :password_expirable, :model => 'devise_security_extension/models/password_expirable', :route => :password_expired
 Devise.add_module :secure_validatable, :model => 'devise_security_extension/models/secure_validatable'
+Devise.add_module :password_archivable, :model => 'devise_security_extension/models/password_archivable'
 
 require 'devise_security_extension/routes'
 require 'devise_security_extension/rails'
 require 'devise_security_extension/orm/active_record'
+require 'devise_security_extension/models/old_password'

data/lib/devise_security_extension/models/old_password.rb

@@ -0,0 +1,3 @@
+class OldPassword < ActiveRecord::Base
+  belongs_to :password_archivable, :polymorphic => true
+end

data/lib/devise_security_extension/models/password_archivable.rb

@@ -0,0 +1,67 @@
+module Devise # :nodoc:
+  module Models # :nodoc:
+
+    # PasswordArchivable
+    module PasswordArchivable
+
+      def self.included(base) # :nodoc:
+        base.extend ClassMethods
+
+        base.class_eval do
+          include InstanceMethods
+          has_many :old_passwords, :as => :password_archivable, :class_name => "OldPassword"
+          before_save :archive_password
+          validate :validate_password_archive
+        end
+      end
+
+      module InstanceMethods # :nodoc:
+
+        def validate_password_archive
+          self.errors.add(:password, :taken_in_past) if password_archive_included?
+        end
+
+        # validate is the password used in the past
+        def password_archive_included?
+          unless self.class.deny_old_passwords.is_a? Fixnum
+            if self.class.deny_old_passwords.is_a? TrueClass and self.class.password_archiving_count > 0
+              self.class.deny_old_passwords = self.class.password_archiving_count
+            else
+              self.class.deny_old_passwords = 0
+            end
+          end
+
+          if self.class.deny_old_passwords > 0 and not self.password.nil?
+            self.old_passwords.order('created_at DESC').limit(self.class.deny_old_passwords).limit(self.class.deny_old_passwords).each do |old_password|
+              dummy                    = self.class.new
+              dummy.encrypted_password = old_password.encrypted_password
+              dummy.password_salt      = old_password.password_salt
+              return true if dummy.valid_password?(self.password)
+            end
+          end
+
+          false
+        end
+
+        private
+
+        # archive the last password before save and delete all to old passwords from archive
+        def archive_password
+          if self.encrypted_password_changed?
+            if self.class.password_archiving_count.to_i > 0
+              self.old_passwords.create! :encrypted_password => self.encrypted_password_change.first, :password_salt => self.password_salt_change.first
+              self.old_passwords.order('created_at DESC').offset(self.class.password_archiving_count).destroy_all
+            else
+              self.old_passwords.destroy_all
+            end
+          end
+        end
+      end
+
+      module ClassMethods #:nodoc:
+        ::Devise::Models.config(self, :password_archiving_count, :deny_old_passwords)
+      end
+    end
+  end
+
+end

data/lib/devise_security_extension/schema.rb

@@ -6,7 +6,7 @@ module DeviseSecurityExtension
     # Examples
     #
     # # For a new resource migration:
-    # create_table :the_resources do
+    # create_table :the_resources do |t|
     #   t.password_expirable
     # ...
     # end
@@ -19,5 +19,22 @@ module DeviseSecurityExtension
     def password_expirable
       apply_devise_schema :password_changed_at, DateTime
     end
+
+    # Add password_archivable columns
+    #
+    # Examples
+    #
+    # create_table :old_passwords do
+    #   t.password_archivable
+    # end
+    # add_index :old_passwords, [:password_archivable_type, :password_archivable_id], :name => :index_password_archivable
+    #
+    def password_archivable
+      apply_devise_schema :encrypted_password, String, :limit => 128, :null => false
+      apply_devise_schema :password_salt, String, :null => false
+      apply_devise_schema :password_archivable_id, Integer, :null => false
+      apply_devise_schema :password_archivable_type, String, :null => false
+      apply_devise_schema :created_at, DateTime
+    end
   end
 end

data/lib/generators/devise_security_extension/install_generator.rb

@@ -8,8 +8,12 @@ module DeviseSecurityExtension
 
       def add_configs
         inject_into_file "config/initializers/devise.rb", "\n\n  # ==> Security Extension\n  # Configure security extension for devise\n\n" +
-        "  # Should the password expire (e.g 3.months)\n  # config.expire_password_after = false\n" +
-        "  # Need 1 char of A-Z, a-z and 0-9\n  # config.password_regex = /(?=.*\\d)(?=.*[a-z])(?=.*[A-Z])/\n" +
+        "  # Should the password expire (e.g 3.months)\n" +
+        "  # config.expire_password_after = false\n" +
+        "  # Need 1 char of A-Z, a-z and 0-9\n" +
+        "  # config.password_regex = /(?=.*\\d)(?=.*[a-z])(?=.*[A-Z])/\n" +
+        "  # How often save old passwords in archive\n" +
+        "  # config.password_archiving_count = 5\n" +
         "\n", :before => /end[ |\n|]+\Z/
       end
 

metadata

@@ -2,7 +2,7 @@
 name: devise_security_extension
 version: !ruby/object:Gem::Version 
   prerelease: 
-  version: 0.2.1
+  version: 0.3.0
 platform: ruby
 authors: 
 - Marco Scholl
@@ -10,7 +10,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-02-03 00:00:00 +01:00
+date: 2011-02-13 00:00:00 +01:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -104,6 +104,8 @@ files:
 - lib/devise_security_extension.rb
 - lib/devise_security_extension/controllers/helpers.rb
 - lib/devise_security_extension/hooks/password_expirable.rb
+- lib/devise_security_extension/models/old_password.rb
+- lib/devise_security_extension/models/password_archivable.rb
 - lib/devise_security_extension/models/password_expirable.rb
 - lib/devise_security_extension/models/secure_validatable.rb
 - lib/devise_security_extension/orm/active_record.rb
@@ -127,7 +129,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
-      hash: -219664376672679260
+      hash: -461004346872330403
       segments: 
       - 0
       version: "0"