devise_security_extension 0.3.2 → 0.3.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/README.rdoc +1 -1
- data/VERSION +1 -1
- data/devise_security_extension.gemspec +2 -2
- data/lib/devise_security_extension/controllers/helpers.rb +1 -1
- data/lib/devise_security_extension/hooks/password_expirable.rb +1 -1
- data/lib/devise_security_extension/models/password_archivable.rb +1 -1
- data/lib/devise_security_extension/models/secure_validatable.rb +11 -1
- metadata +3 -3
data/README.rdoc
CHANGED
|
@@ -40,7 +40,7 @@ after bundle execute
|
|
|
40
40
|
|
|
41
41
|
=== Password archive
|
|
42
42
|
|
|
43
|
-
create_table :old_passwords do
|
|
43
|
+
create_table :old_passwords do |t|
|
|
44
44
|
t.password_archivable
|
|
45
45
|
end
|
|
46
46
|
add_index :old_passwords, [:password_archivable_type, :password_archivable_id], :name => :index_password_archivable
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
0.3.
|
|
1
|
+
0.3.3
|
|
@@ -5,11 +5,11 @@
|
|
|
5
5
|
|
|
6
6
|
Gem::Specification.new do |s|
|
|
7
7
|
s.name = %q{devise_security_extension}
|
|
8
|
-
s.version = "0.3.
|
|
8
|
+
s.version = "0.3.3"
|
|
9
9
|
|
|
10
10
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
|
11
11
|
s.authors = ["Marco Scholl"]
|
|
12
|
-
s.date = %q{2011-
|
|
12
|
+
s.date = %q{2011-03-08}
|
|
13
13
|
s.description = %q{a gem for extend devise for more password security}
|
|
14
14
|
s.email = %q{team@phatworx.de}
|
|
15
15
|
s.extra_rdoc_files = [
|
|
@@ -16,7 +16,7 @@ module DeviseSecurityExtension
|
|
|
16
16
|
def handle_password_change
|
|
17
17
|
Devise.mappings.keys.flatten.any? do |scope|
|
|
18
18
|
if signed_in? scope
|
|
19
|
-
if warden.session[:password_expired]
|
|
19
|
+
if warden.session(scope)[:password_expired]
|
|
20
20
|
session["#{scope}_return_to"] = request.path if request.get?
|
|
21
21
|
redirect_for_password_change scope
|
|
22
22
|
break
|
|
@@ -10,7 +10,7 @@ module Devise # :nodoc:
|
|
|
10
10
|
base.class_eval do
|
|
11
11
|
include InstanceMethods
|
|
12
12
|
has_many :old_passwords, :as => :password_archivable, :class_name => "OldPassword"
|
|
13
|
-
|
|
13
|
+
before_update :archive_password
|
|
14
14
|
validate :validate_password_archive
|
|
15
15
|
end
|
|
16
16
|
end
|
|
@@ -19,7 +19,7 @@ module Devise
|
|
|
19
19
|
base.class_eval do
|
|
20
20
|
|
|
21
21
|
# uniq login
|
|
22
|
-
validates authentication_keys[0], :uniqueness => {:scope => authentication_keys[1..-1]}#, :case_sensitive => case_insensitive_keys.exclude?(authentication_keys[0])
|
|
22
|
+
validates authentication_keys[0], :uniqueness => {:scope => authentication_keys[1..-1]} #, :case_sensitive => case_insensitive_keys.exclude?(authentication_keys[0])
|
|
23
23
|
|
|
24
24
|
# validates email
|
|
25
25
|
validates :email, :presence => true, :if => :email_required?
|
|
@@ -27,6 +27,9 @@ module Devise
|
|
|
27
27
|
|
|
28
28
|
# validates password
|
|
29
29
|
validates :password, :presence => true, :length => password_length, :format => password_regex, :confirmation => true, :if => :password_required?
|
|
30
|
+
|
|
31
|
+
# don't allow use same password
|
|
32
|
+
validate :current_equal_password_validation
|
|
30
33
|
end
|
|
31
34
|
end
|
|
32
35
|
|
|
@@ -34,6 +37,13 @@ module Devise
|
|
|
34
37
|
raise "Could not use SecureValidatable on #{base}" unless base.respond_to?(:validates)
|
|
35
38
|
end
|
|
36
39
|
|
|
40
|
+
def current_equal_password_validation
|
|
41
|
+
dummy = self.class.new
|
|
42
|
+
dummy.encrypted_password = self.encrypted_password
|
|
43
|
+
dummy.password_salt = self.password_salt
|
|
44
|
+
self.errors.add(:password, :equal_to_current_password) if dummy.valid_password?(self.password)
|
|
45
|
+
end
|
|
46
|
+
|
|
37
47
|
protected
|
|
38
48
|
|
|
39
49
|
# Checks whether a password is needed or not. For validations only.
|
metadata
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
name: devise_security_extension
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
4
|
prerelease:
|
|
5
|
-
version: 0.3.
|
|
5
|
+
version: 0.3.3
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
8
8
|
- Marco Scholl
|
|
@@ -10,7 +10,7 @@ autorequire:
|
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
12
|
|
|
13
|
-
date: 2011-
|
|
13
|
+
date: 2011-03-08 00:00:00 +01:00
|
|
14
14
|
default_executable:
|
|
15
15
|
dependencies:
|
|
16
16
|
- !ruby/object:Gem::Dependency
|
|
@@ -129,7 +129,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
129
129
|
requirements:
|
|
130
130
|
- - ">="
|
|
131
131
|
- !ruby/object:Gem::Version
|
|
132
|
-
hash: -
|
|
132
|
+
hash: -1012646125628855063
|
|
133
133
|
segments:
|
|
134
134
|
- 0
|
|
135
135
|
version: "0"
|