devise_security_extension 0.3.4 → 0.3.5

Sign up to get free protection for your applications and to get access to all the features.
Files changed (11) hide show
  1. data/Gemfile.lock +26 -63
  2. data/VERSION +1 -1
  3. data/app/controllers/devise/password_expired_controller.rb +1 -1
  4. data/config/locales/en.yml +2 -2
  5. data/devise_security_extension.gemspec +3 -3
  6. data/lib/devise_security_extension/controllers/helpers.rb +11 -4
  7. data/lib/devise_security_extension/hooks/password_expirable.rb +3 -1
  8. data/lib/devise_security_extension/models/password_archivable.rb +5 -1
  9. data/lib/devise_security_extension/models/secure_validatable.rb +2 -2
  10. data/lib/devise_security_extension/schema.rb +1 -1
  11. metadata +62 -67
data/Gemfile.lock CHANGED
@@ -1,83 +1,46 @@
1
1
  GEM
2
2
  remote: http://rubygems.org/
3
3
  specs:
4
- abstract (1.0.0)
5
- actionmailer (3.0.3)
6
- actionpack (= 3.0.3)
7
- mail (~> 2.2.9)
8
- actionpack (3.0.3)
9
- activemodel (= 3.0.3)
10
- activesupport (= 3.0.3)
4
+ actionmailer (0.6.1)
5
+ actionpack (>= 0.9.5)
6
+ actionpack (1.4.0)
7
+ activemodel (3.0.7)
8
+ activesupport (= 3.0.7)
11
9
  builder (~> 2.1.2)
12
- erubis (~> 2.6.6)
13
- i18n (~> 0.4)
14
- rack (~> 1.2.1)
15
- rack-mount (~> 0.6.13)
16
- rack-test (~> 0.5.6)
17
- tzinfo (~> 0.3.23)
18
- activemodel (3.0.3)
19
- activesupport (= 3.0.3)
20
- builder (~> 2.1.2)
21
- i18n (~> 0.4)
22
- activerecord (3.0.3)
23
- activemodel (= 3.0.3)
24
- activesupport (= 3.0.3)
10
+ i18n (~> 0.5.0)
11
+ activerecord (3.0.7)
12
+ activemodel (= 3.0.7)
13
+ activesupport (= 3.0.7)
25
14
  arel (~> 2.0.2)
26
15
  tzinfo (~> 0.3.23)
27
- activeresource (3.0.3)
28
- activemodel (= 3.0.3)
29
- activesupport (= 3.0.3)
30
- activesupport (3.0.3)
31
- arel (2.0.7)
16
+ activesupport (3.0.7)
17
+ arel (2.0.10)
32
18
  bcrypt-ruby (2.1.4)
33
19
  builder (2.1.2)
34
- devise (1.1.5)
20
+ devise (1.3.4)
35
21
  bcrypt-ruby (~> 2.1.2)
36
- warden (~> 1.0.2)
37
- erubis (2.6.6)
38
- abstract (>= 1.0.0)
22
+ orm_adapter (~> 0.0.3)
23
+ warden (~> 1.0.3)
39
24
  git (1.2.5)
40
25
  i18n (0.5.0)
41
26
  jeweler (1.5.2)
42
27
  bundler (~> 1.0.0)
43
28
  git (>= 1.2.5)
44
29
  rake
45
- mail (2.2.15)
46
- activesupport (>= 2.3.6)
47
- i18n (>= 0.4.0)
48
- mime-types (~> 1.16)
49
- treetop (~> 1.4.8)
50
- mime-types (1.16)
51
- polyglot (0.3.1)
52
- rack (1.2.1)
53
- rack-mount (0.6.13)
54
- rack (>= 1.0.0)
55
- rack-test (0.5.7)
56
- rack (>= 1.0)
57
- rails (3.0.3)
58
- actionmailer (= 3.0.3)
59
- actionpack (= 3.0.3)
60
- activerecord (= 3.0.3)
61
- activeresource (= 3.0.3)
62
- activesupport (= 3.0.3)
63
- bundler (~> 1.0)
64
- railties (= 3.0.3)
65
- rails_email_validator (0.1.1)
30
+ orm_adapter (0.0.5)
31
+ rack (1.3.0)
32
+ rails (0.9.5)
33
+ actionmailer (>= 0.6.1)
34
+ actionpack (>= 1.4.0)
35
+ activerecord (>= 1.6.0)
36
+ rake (>= 0.4.15)
37
+ rails_email_validator (0.1.4)
66
38
  activemodel (>= 3.0.0)
67
- activemodel (>= 3.0.0)
68
- railties (3.0.3)
69
- actionpack (= 3.0.3)
70
- activesupport (= 3.0.3)
71
- rake (>= 0.8.7)
72
- thor (~> 0.14.4)
73
- rake (0.8.7)
39
+ rake (0.9.1)
74
40
  rcov (0.9.9)
75
- thor (0.14.6)
76
- treetop (1.4.9)
77
- polyglot (>= 0.3.1)
78
- tzinfo (0.3.24)
79
- warden (1.0.3)
80
- rack (>= 1.0.0)
41
+ tzinfo (0.3.27)
42
+ warden (1.0.4)
43
+ rack (>= 1.0)
81
44
 
82
45
  PLATFORMS
83
46
  ruby
data/VERSION CHANGED
@@ -1 +1 @@
1
- 0.3.4
1
+ 0.3.5
data/app/controllers/devise/password_expired_controller.rb CHANGED
@@ -4,7 +4,7 @@ class Devise::PasswordExpiredController < ApplicationController
4
4
  include Devise::Controllers::InternalHelpers
5
5
 
6
6
  def show
7
- if resource.need_change_password?
7
+ if not resource.nil? and resource.need_change_password?
8
8
  render_with_scope :show
9
9
  else
10
10
  redirect_to :root
data/config/locales/en.yml CHANGED
@@ -1,5 +1,5 @@
1
1
  en:
2
2
  devise:
3
3
  password_expired:
4
- updated: Yout new password is saved
5
- change_required: You password is expired. Please renew your password!
4
+ updated: Your new password is saved
5
+ change_required: Your password is expired. Please renew your password!
data/devise_security_extension.gemspec CHANGED
@@ -5,11 +5,11 @@
5
5
 
6
6
  Gem::Specification.new do |s|
7
7
  s.name = %q{devise_security_extension}
8
- s.version = "0.3.4"
8
+ s.version = "0.3.5"
9
9
 
10
10
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
11
11
  s.authors = ["Marco Scholl"]
12
- s.date = %q{2011-03-09}
12
+ s.date = %q{2011-06-01}
13
13
  s.description = %q{a gem for extend devise for more password security}
14
14
  s.email = %q{team@phatworx.de}
15
15
  s.extra_rdoc_files = [
@@ -47,7 +47,7 @@ Gem::Specification.new do |s|
47
47
  s.homepage = %q{http://github.com/phatworx/devise_security_extension}
48
48
  s.licenses = ["MIT"]
49
49
  s.require_paths = ["lib"]
50
- s.rubygems_version = %q{1.5.0}
50
+ s.rubygems_version = %q{1.6.2}
51
51
  s.summary = %q{an security extension for devise}
52
52
  s.test_files = [
53
53
  "test/helper.rb",
data/lib/devise_security_extension/controllers/helpers.rb CHANGED
@@ -14,12 +14,12 @@ module DeviseSecurityExtension
14
14
 
15
15
  # lookup if an password change needed
16
16
  def handle_password_change
17
- Devise.mappings.keys.flatten.any? do |scope|
18
- if signed_in? scope
19
- if warden.session(scope)[:password_expired]
17
+ if not devise_controller? and not ignore_password_expire? and not request.format.nil? and request.format.html?
18
+ Devise.mappings.keys.flatten.any? do |scope|
19
+ if signed_in?(scope) and warden.session(scope)[:password_expired]
20
20
  session["#{scope}_return_to"] = request.path if request.get?
21
21
  redirect_for_password_change scope
22
- break
22
+ return
23
23
  end
24
24
  end
25
25
  end
@@ -36,6 +36,13 @@ module DeviseSecurityExtension
36
36
  change_path = "#{scope}_password_expired_path"
37
37
  send(change_path)
38
38
  end
39
+
40
+ protected
41
+
42
+ # allow to overwrite for some special handlings
43
+ def ignore_password_expire?
44
+ false
45
+ end
39
46
 
40
47
  end
41
48
  end
data/lib/devise_security_extension/hooks/password_expirable.rb CHANGED
@@ -1,3 +1,5 @@
1
1
  Warden::Manager.after_authentication do |record, warden, options|
2
- warden.session(options[:scope])[:password_expired] = record.need_change_password?
2
+ if record.respond_to?(:need_change_password?)
3
+ warden.session(options[:scope])[:password_expired] = record.need_change_password?
4
+ end
3
5
  end
data/lib/devise_security_extension/models/password_archivable.rb CHANGED
@@ -49,7 +49,11 @@ module Devise # :nodoc:
49
49
  def archive_password
50
50
  if self.encrypted_password_changed?
51
51
  if self.class.password_archiving_count.to_i > 0
52
- self.old_passwords.create! :encrypted_password => self.encrypted_password_change.first, :password_salt => self.password_salt_change.first
52
+ if self.password_salt_change.nil?
53
+ self.old_passwords.create! :encrypted_password => self.encrypted_password_change.first
54
+ else
55
+ self.old_passwords.create! :encrypted_password => self.encrypted_password_change.first, :password_salt => self.password_salt_change.first
56
+ end
53
57
  self.old_passwords.order('created_at DESC').offset(self.class.password_archiving_count).destroy_all
54
58
  else
55
59
  self.old_passwords.destroy_all
data/lib/devise_security_extension/models/secure_validatable.rb CHANGED
@@ -38,10 +38,10 @@ module Devise
38
38
  end
39
39
 
40
40
  def current_equal_password_validation
41
- unless self.encrypted_password_change.nil?
41
+ if not self.new_record? and not self.encrypted_password_change.nil?
42
42
  dummy = self.class.new
43
43
  dummy.encrypted_password = self.encrypted_password_change.first
44
- dummy.password_salt = self.password_salt_change.first
44
+ dummy.password_salt = self.password_salt_change.first if self.respond_to? :password_salt_change and not self.password_salt_change.nil?
45
45
  self.errors.add(:password, :equal_to_current_password) if dummy.valid_password?(self.password)
46
46
  end
47
47
  end
data/lib/devise_security_extension/schema.rb CHANGED
@@ -31,7 +31,7 @@ module DeviseSecurityExtension
31
31
  #
32
32
  def password_archivable
33
33
  apply_devise_schema :encrypted_password, String, :limit => 128, :null => false
34
- apply_devise_schema :password_salt, String, :null => false
34
+ apply_devise_schema :password_salt, String
35
35
  apply_devise_schema :password_archivable_id, Integer, :null => false
36
36
  apply_devise_schema :password_archivable_type, String, :null => false
37
37
  apply_devise_schema :created_at, DateTime
metadata CHANGED
@@ -1,94 +1,91 @@
1
- --- !ruby/object:Gem::Specification
1
+ --- !ruby/object:Gem::Specification
2
2
  name: devise_security_extension
3
- version: !ruby/object:Gem::Version
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.3.5
4
5
  prerelease:
5
- version: 0.3.4
6
6
  platform: ruby
7
- authors:
7
+ authors:
8
8
  - Marco Scholl
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
-
13
- date: 2011-03-09 00:00:00 +01:00
12
+ date: 2011-06-01 00:00:00.000000000 +02:00
14
13
  default_executable:
15
- dependencies:
16
- - !ruby/object:Gem::Dependency
14
+ dependencies:
15
+ - !ruby/object:Gem::Dependency
17
16
  name: rails
18
- requirement: &id001 !ruby/object:Gem::Requirement
17
+ requirement: &19711100 !ruby/object:Gem::Requirement
19
18
  none: false
20
- requirements:
21
- - - ">="
22
- - !ruby/object:Gem::Version
23
- version: "0"
19
+ requirements:
20
+ - - ! '>='
21
+ - !ruby/object:Gem::Version
22
+ version: '0'
24
23
  type: :runtime
25
24
  prerelease: false
26
- version_requirements: *id001
27
- - !ruby/object:Gem::Dependency
25
+ version_requirements: *19711100
26
+ - !ruby/object:Gem::Dependency
28
27
  name: devise
29
- requirement: &id002 !ruby/object:Gem::Requirement
28
+ requirement: &19710620 !ruby/object:Gem::Requirement
30
29
  none: false
31
- requirements:
32
- - - ">="
33
- - !ruby/object:Gem::Version
34
- version: "0"
30
+ requirements:
31
+ - - ! '>='
32
+ - !ruby/object:Gem::Version
33
+ version: '0'
35
34
  type: :runtime
36
35
  prerelease: false
37
- version_requirements: *id002
38
- - !ruby/object:Gem::Dependency
36
+ version_requirements: *19710620
37
+ - !ruby/object:Gem::Dependency
39
38
  name: rails_email_validator
40
- requirement: &id003 !ruby/object:Gem::Requirement
39
+ requirement: &19710140 !ruby/object:Gem::Requirement
41
40
  none: false
42
- requirements:
43
- - - ">="
44
- - !ruby/object:Gem::Version
45
- version: "0"
41
+ requirements:
42
+ - - ! '>='
43
+ - !ruby/object:Gem::Version
44
+ version: '0'
46
45
  type: :runtime
47
46
  prerelease: false
48
- version_requirements: *id003
49
- - !ruby/object:Gem::Dependency
47
+ version_requirements: *19710140
48
+ - !ruby/object:Gem::Dependency
50
49
  name: bundler
51
- requirement: &id004 !ruby/object:Gem::Requirement
50
+ requirement: &19709660 !ruby/object:Gem::Requirement
52
51
  none: false
53
- requirements:
52
+ requirements:
54
53
  - - ~>
55
- - !ruby/object:Gem::Version
54
+ - !ruby/object:Gem::Version
56
55
  version: 1.0.0
57
56
  type: :development
58
57
  prerelease: false
59
- version_requirements: *id004
60
- - !ruby/object:Gem::Dependency
58
+ version_requirements: *19709660
59
+ - !ruby/object:Gem::Dependency
61
60
  name: jeweler
62
- requirement: &id005 !ruby/object:Gem::Requirement
61
+ requirement: &19709180 !ruby/object:Gem::Requirement
63
62
  none: false
64
- requirements:
63
+ requirements:
65
64
  - - ~>
66
- - !ruby/object:Gem::Version
65
+ - !ruby/object:Gem::Version
67
66
  version: 1.5.2
68
67
  type: :development
69
68
  prerelease: false
70
- version_requirements: *id005
71
- - !ruby/object:Gem::Dependency
69
+ version_requirements: *19709180
70
+ - !ruby/object:Gem::Dependency
72
71
  name: rcov
73
- requirement: &id006 !ruby/object:Gem::Requirement
72
+ requirement: &19708700 !ruby/object:Gem::Requirement
74
73
  none: false
75
- requirements:
76
- - - ">="
77
- - !ruby/object:Gem::Version
78
- version: "0"
74
+ requirements:
75
+ - - ! '>='
76
+ - !ruby/object:Gem::Version
77
+ version: '0'
79
78
  type: :development
80
79
  prerelease: false
81
- version_requirements: *id006
80
+ version_requirements: *19708700
82
81
  description: a gem for extend devise for more password security
83
82
  email: team@phatworx.de
84
83
  executables: []
85
-
86
84
  extensions: []
87
-
88
- extra_rdoc_files:
85
+ extra_rdoc_files:
89
86
  - LICENSE.txt
90
87
  - README.rdoc
91
- files:
88
+ files:
92
89
  - .document
93
90
  - Gemfile
94
91
  - Gemfile.lock
@@ -117,35 +114,33 @@ files:
117
114
  - test/test_devise_security_extension.rb
118
115
  has_rdoc: true
119
116
  homepage: http://github.com/phatworx/devise_security_extension
120
- licenses:
117
+ licenses:
121
118
  - MIT
122
119
  post_install_message:
123
120
  rdoc_options: []
124
-
125
- require_paths:
121
+ require_paths:
126
122
  - lib
127
- required_ruby_version: !ruby/object:Gem::Requirement
123
+ required_ruby_version: !ruby/object:Gem::Requirement
128
124
  none: false
129
- requirements:
130
- - - ">="
131
- - !ruby/object:Gem::Version
132
- hash: -4027383644345550227
133
- segments:
125
+ requirements:
126
+ - - ! '>='
127
+ - !ruby/object:Gem::Version
128
+ version: '0'
129
+ segments:
134
130
  - 0
135
- version: "0"
136
- required_rubygems_version: !ruby/object:Gem::Requirement
131
+ hash: 2051468966150928992
132
+ required_rubygems_version: !ruby/object:Gem::Requirement
137
133
  none: false
138
- requirements:
139
- - - ">="
140
- - !ruby/object:Gem::Version
141
- version: "0"
134
+ requirements:
135
+ - - ! '>='
136
+ - !ruby/object:Gem::Version
137
+ version: '0'
142
138
  requirements: []
143
-
144
139
  rubyforge_project:
145
- rubygems_version: 1.5.0
140
+ rubygems_version: 1.6.2
146
141
  signing_key:
147
142
  specification_version: 3
148
143
  summary: an security extension for devise
149
- test_files:
144
+ test_files:
150
145
  - test/helper.rb
151
146
  - test/test_devise_security_extension.rb