devise_security_extension 0.4.2 → 0.5.0
- data/Gemfile +2 -2
- data/Gemfile.lock +76 -66
- data/README.rdoc +3 -4
- data/Rakefile +1 -8
- data/VERSION +1 -1
- data/config/locales/de.yml +2 -0
- data/config/locales/en.yml +2 -0
- data/devise_security_extension.gemspec +13 -14
- data/lib/devise_security_extension.rb +1 -0
- data/lib/devise_security_extension/hooks/session_limitable.rb +28 -0
- data/lib/devise_security_extension/models/password_archivable.rb +1 -1
- data/lib/devise_security_extension/models/session_limitable.rb +21 -0
- data/lib/devise_security_extension/schema.rb +19 -0
- data/lib/generators/devise_security_extension/install_generator.rb +1 -1
- metadata +19 -30
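--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,7 +1,7 @@
 source "http://rubygems.org"
 # Add dependencies required to use your gem here.
 # Example:
-gem "rails", ">= 3.
+gem "rails", ">= 3.1.1"
 gem "devise"
 
 # Add dependencies to develop your gem here.
@@ -11,5 +11,5 @@ group :development do
 gem "easy_captcha"
 gem "bundler", "~> 1.0.0"
 gem "jeweler", "~> 1.5.2"
-gem "rcov", ">= 0"
+# gem "rcov", ">= 0"
 end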
data/Gemfile.lock
CHANGED
|
@@ -1,89 +1,100 @@
|
|
|
1
1
|
GEM
|
|
2
2
|
remote: http://rubygems.org/
|
|
3
3
|
specs:
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
rack (~> 1.
|
|
15
|
-
rack-mount (~> 0.
|
|
16
|
-
rack-test (~> 0.
|
|
17
|
-
|
|
18
|
-
activemodel (3.
|
|
19
|
-
activesupport (= 3.
|
|
20
|
-
builder (~>
|
|
21
|
-
i18n (~> 0.
|
|
22
|
-
activerecord (3.
|
|
23
|
-
activemodel (= 3.
|
|
24
|
-
activesupport (= 3.
|
|
25
|
-
arel (~> 2.
|
|
26
|
-
tzinfo (~> 0.3.
|
|
27
|
-
activeresource (3.
|
|
28
|
-
activemodel (= 3.
|
|
29
|
-
activesupport (= 3.
|
|
30
|
-
activesupport (3.
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
4
|
+
actionmailer (3.1.3)
|
|
5
|
+
actionpack (= 3.1.3)
|
|
6
|
+
mail (~> 2.3.0)
|
|
7
|
+
actionpack (3.1.3)
|
|
8
|
+
activemodel (= 3.1.3)
|
|
9
|
+
activesupport (= 3.1.3)
|
|
10
|
+
builder (~> 3.0.0)
|
|
11
|
+
erubis (~> 2.7.0)
|
|
12
|
+
i18n (~> 0.6)
|
|
13
|
+
rack (~> 1.3.5)
|
|
14
|
+
rack-cache (~> 1.1)
|
|
15
|
+
rack-mount (~> 0.8.2)
|
|
16
|
+
rack-test (~> 0.6.1)
|
|
17
|
+
sprockets (~> 2.0.3)
|
|
18
|
+
activemodel (3.1.3)
|
|
19
|
+
activesupport (= 3.1.3)
|
|
20
|
+
builder (~> 3.0.0)
|
|
21
|
+
i18n (~> 0.6)
|
|
22
|
+
activerecord (3.1.3)
|
|
23
|
+
activemodel (= 3.1.3)
|
|
24
|
+
activesupport (= 3.1.3)
|
|
25
|
+
arel (~> 2.2.1)
|
|
26
|
+
tzinfo (~> 0.3.29)
|
|
27
|
+
activeresource (3.1.3)
|
|
28
|
+
activemodel (= 3.1.3)
|
|
29
|
+
activesupport (= 3.1.3)
|
|
30
|
+
activesupport (3.1.3)
|
|
31
|
+
multi_json (~> 1.0)
|
|
32
|
+
arel (2.2.1)
|
|
33
|
+
bcrypt-ruby (3.0.1)
|
|
34
|
+
builder (3.0.0)
|
|
35
|
+
devise (1.5.1)
|
|
36
|
+
bcrypt-ruby (~> 3.0)
|
|
36
37
|
orm_adapter (~> 0.0.3)
|
|
37
|
-
warden (~> 1.
|
|
38
|
-
easy_captcha (0.4.
|
|
38
|
+
warden (~> 1.1)
|
|
39
|
+
easy_captcha (0.4.5)
|
|
39
40
|
rails (>= 3.0.0)
|
|
40
|
-
|
|
41
|
-
rmagick
|
|
42
|
-
rmagick
|
|
43
|
-
erubis (2.6.6)
|
|
44
|
-
abstract (>= 1.0.0)
|
|
41
|
+
erubis (2.7.0)
|
|
45
42
|
git (1.2.5)
|
|
46
|
-
|
|
43
|
+
hike (1.2.1)
|
|
44
|
+
i18n (0.6.0)
|
|
47
45
|
jeweler (1.5.2)
|
|
48
46
|
bundler (~> 1.0.0)
|
|
49
47
|
git (>= 1.2.5)
|
|
50
48
|
rake
|
|
51
|
-
|
|
52
|
-
|
|
49
|
+
json (1.6.1)
|
|
50
|
+
mail (2.3.0)
|
|
53
51
|
i18n (>= 0.4.0)
|
|
54
52
|
mime-types (~> 1.16)
|
|
55
53
|
treetop (~> 1.4.8)
|
|
56
|
-
mime-types (1.
|
|
54
|
+
mime-types (1.17.2)
|
|
55
|
+
multi_json (1.0.3)
|
|
57
56
|
orm_adapter (0.0.5)
|
|
58
|
-
polyglot (0.3.
|
|
59
|
-
rack (1.
|
|
60
|
-
rack-
|
|
57
|
+
polyglot (0.3.3)
|
|
58
|
+
rack (1.3.5)
|
|
59
|
+
rack-cache (1.1)
|
|
60
|
+
rack (>= 0.4)
|
|
61
|
+
rack-mount (0.8.3)
|
|
61
62
|
rack (>= 1.0.0)
|
|
62
|
-
rack-
|
|
63
|
+
rack-ssl (1.3.2)
|
|
64
|
+
rack
|
|
65
|
+
rack-test (0.6.1)
|
|
63
66
|
rack (>= 1.0)
|
|
64
|
-
rails (3.
|
|
65
|
-
actionmailer (= 3.
|
|
66
|
-
actionpack (= 3.
|
|
67
|
-
activerecord (= 3.
|
|
68
|
-
activeresource (= 3.
|
|
69
|
-
activesupport (= 3.
|
|
67
|
+
rails (3.1.3)
|
|
68
|
+
actionmailer (= 3.1.3)
|
|
69
|
+
actionpack (= 3.1.3)
|
|
70
|
+
activerecord (= 3.1.3)
|
|
71
|
+
activeresource (= 3.1.3)
|
|
72
|
+
activesupport (= 3.1.3)
|
|
70
73
|
bundler (~> 1.0)
|
|
71
|
-
railties (= 3.
|
|
74
|
+
railties (= 3.1.3)
|
|
72
75
|
rails_email_validator (0.1.4)
|
|
73
76
|
activemodel (>= 3.0.0)
|
|
74
|
-
railties (3.
|
|
75
|
-
actionpack (= 3.
|
|
76
|
-
activesupport (= 3.
|
|
77
|
+
railties (3.1.3)
|
|
78
|
+
actionpack (= 3.1.3)
|
|
79
|
+
activesupport (= 3.1.3)
|
|
80
|
+
rack-ssl (~> 1.3.2)
|
|
77
81
|
rake (>= 0.8.7)
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
+
rdoc (~> 3.4)
|
|
83
|
+
thor (~> 0.14.6)
|
|
84
|
+
rake (0.9.2.2)
|
|
85
|
+
rdoc (3.11)
|
|
86
|
+
json (~> 1.4)
|
|
87
|
+
sprockets (2.0.3)
|
|
88
|
+
hike (~> 1.2)
|
|
89
|
+
rack (~> 1.0)
|
|
90
|
+
tilt (~> 1.1, != 1.3.0)
|
|
82
91
|
thor (0.14.6)
|
|
83
|
-
|
|
92
|
+
tilt (1.3.3)
|
|
93
|
+
treetop (1.4.10)
|
|
94
|
+
polyglot
|
|
84
95
|
polyglot (>= 0.3.1)
|
|
85
|
-
tzinfo (0.3.
|
|
86
|
-
warden (1.0
|
|
96
|
+
tzinfo (0.3.31)
|
|
97
|
+
warden (1.1.0)
|
|
87
98
|
rack (>= 1.0)
|
|
88
99
|
|
|
89
100
|
PLATFORMS
|
|
@@ -94,6 +105,5 @@ DEPENDENCIES
|
|
|
94
105
|
devise
|
|
95
106
|
easy_captcha
|
|
96
107
|
jeweler (~> 1.5.2)
|
|
97
|
-
rails (>= 3.
|
|
108
|
+
rails (>= 3.1.1)
|
|
98
109
|
rails_email_validator
|
|
99
|
-
rcov
|
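--- a/data/README.rdoc
+++ b/data/README.rdoc
@@ -1,13 +1,13 @@
 = devise_security_extension
 
-
+An enterprise security extension for devise, trying to meet industrial standard security demands for web applications.
 
 == Features
 
 * expire passwords (update password with current password)
 * strong password validation
-* save old passwords
-* captcha support for sign_up, sign_in, recover and unlock
+* save old passwords to protect users from assigning old/expired passwords again
+* captcha support for sign_up, sign_in, recover and unlock (to make automated mass creation and brute forcing of accounts harder)
 
 == Installation
 add to Gemfile
@@ -117,4 +117,3 @@ That's all!
 
 Copyright (c) 2011 Marco Scholl. See LICENSE.txt for
 further details.
-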
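--- a/data/Rakefile
+++ b/data/Rakefile
@@ -29,16 +29,9 @@ Rake::TestTask.new(:test) do |test|
 test.verbose = true
 end
 
-require 'rcov/rcovtask'
-Rcov::RcovTask.new do |test|
-test.libs << 'test'
-test.pattern = 'test/**/test_*.rb'
-test.verbose = true
-end
-
 task :default => :test
 
-require '
+require 'rdoc/task'
 Rake::RDocTask.new do |rdoc|
 version = File.exist?('VERSION') ? File.read('VERSION') : ""
 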
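--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-0.
+0.5.0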
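--- a/data/config/locales/de.yml
+++ b/data/config/locales/de.yml
@@ -8,3 +8,5 @@ de:
 password_expired:
 updated: "Das neue Passwort wurde übernommen."
 change_required: "Ihr Passwort ist abgelaufen. Bitte vergeben sie ein neues Passwort!"
+failure:
+session_limited: 'Ihre Anmeldedaten wurden in einem anderen Browser genutzt. Bitte melden Sie sich erneut an, um in diesem Browser fortzufahren.'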
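--- a/data/config/locales/en.yml
+++ b/data/config/locales/en.yml
@@ -8,3 +8,5 @@ en:
 password_expired:
 updated: "Your new password is saved."
 change_required: "Your password is expired. Please renew your password!"
+failure:
+session_limited: 'Your login credentials were used in another browser. Please sign in again to continue in this browser.'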
|
@@ -4,14 +4,14 @@
|
|
|
4
4
|
# -*- encoding: utf-8 -*-
|
|
5
5
|
|
|
6
6
|
Gem::Specification.new do |s|
|
|
7
|
-
s.name =
|
|
8
|
-
s.version = "0.
|
|
7
|
+
s.name = "devise_security_extension"
|
|
8
|
+
s.version = "0.5.0"
|
|
9
9
|
|
|
10
10
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
|
11
11
|
s.authors = ["Marco Scholl"]
|
|
12
|
-
s.date =
|
|
13
|
-
s.description =
|
|
14
|
-
s.email =
|
|
12
|
+
s.date = "2011-12-27"
|
|
13
|
+
s.description = "a gem for extend devise for more password security"
|
|
14
|
+
s.email = "team@phatworx.de"
|
|
15
15
|
s.extra_rdoc_files = [
|
|
16
16
|
"LICENSE.txt",
|
|
17
17
|
"README.rdoc"
|
|
@@ -32,10 +32,12 @@ Gem::Specification.new do |s|
|
|
|
32
32
|
"lib/devise_security_extension.rb",
|
|
33
33
|
"lib/devise_security_extension/controllers/helpers.rb",
|
|
34
34
|
"lib/devise_security_extension/hooks/password_expirable.rb",
|
|
35
|
+
"lib/devise_security_extension/hooks/session_limitable.rb",
|
|
35
36
|
"lib/devise_security_extension/models/old_password.rb",
|
|
36
37
|
"lib/devise_security_extension/models/password_archivable.rb",
|
|
37
38
|
"lib/devise_security_extension/models/password_expirable.rb",
|
|
38
39
|
"lib/devise_security_extension/models/secure_validatable.rb",
|
|
40
|
+
"lib/devise_security_extension/models/session_limitable.rb",
|
|
39
41
|
"lib/devise_security_extension/orm/active_record.rb",
|
|
40
42
|
"lib/devise_security_extension/patches.rb",
|
|
41
43
|
"lib/devise_security_extension/patches/controller_captcha.rb",
|
|
@@ -46,11 +48,11 @@ Gem::Specification.new do |s|
|
|
|
46
48
|
"test/helper.rb",
|
|
47
49
|
"test/test_devise_security_extension.rb"
|
|
48
50
|
]
|
|
49
|
-
s.homepage =
|
|
51
|
+
s.homepage = "http://github.com/phatworx/devise_security_extension"
|
|
50
52
|
s.licenses = ["MIT"]
|
|
51
53
|
s.require_paths = ["lib"]
|
|
52
|
-
s.rubygems_version =
|
|
53
|
-
s.summary =
|
|
54
|
+
s.rubygems_version = "1.8.10"
|
|
55
|
+
s.summary = "an security extension for devise"
|
|
54
56
|
s.test_files = [
|
|
55
57
|
"test/helper.rb",
|
|
56
58
|
"test/test_devise_security_extension.rb"
|
|
@@ -60,30 +62,27 @@ Gem::Specification.new do |s|
|
|
|
60
62
|
s.specification_version = 3
|
|
61
63
|
|
|
62
64
|
if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
|
|
63
|
-
s.add_runtime_dependency(%q<rails>, [">= 3.
|
|
65
|
+
s.add_runtime_dependency(%q<rails>, [">= 3.1.1"])
|
|
64
66
|
s.add_runtime_dependency(%q<devise>, [">= 0"])
|
|
65
67
|
s.add_development_dependency(%q<rails_email_validator>, [">= 0"])
|
|
66
68
|
s.add_development_dependency(%q<easy_captcha>, [">= 0"])
|
|
67
69
|
s.add_development_dependency(%q<bundler>, ["~> 1.0.0"])
|
|
68
70
|
s.add_development_dependency(%q<jeweler>, ["~> 1.5.2"])
|
|
69
|
-
s.add_development_dependency(%q<rcov>, [">= 0"])
|
|
70
71
|
else
|
|
71
|
-
s.add_dependency(%q<rails>, [">= 3.
|
|
72
|
+
s.add_dependency(%q<rails>, [">= 3.1.1"])
|
|
72
73
|
s.add_dependency(%q<devise>, [">= 0"])
|
|
73
74
|
s.add_dependency(%q<rails_email_validator>, [">= 0"])
|
|
74
75
|
s.add_dependency(%q<easy_captcha>, [">= 0"])
|
|
75
76
|
s.add_dependency(%q<bundler>, ["~> 1.0.0"])
|
|
76
77
|
s.add_dependency(%q<jeweler>, ["~> 1.5.2"])
|
|
77
|
-
s.add_dependency(%q<rcov>, [">= 0"])
|
|
78
78
|
end
|
|
79
79
|
else
|
|
80
|
-
s.add_dependency(%q<rails>, [">= 3.
|
|
80
|
+
s.add_dependency(%q<rails>, [">= 3.1.1"])
|
|
81
81
|
s.add_dependency(%q<devise>, [">= 0"])
|
|
82
82
|
s.add_dependency(%q<rails_email_validator>, [">= 0"])
|
|
83
83
|
s.add_dependency(%q<easy_captcha>, [">= 0"])
|
|
84
84
|
s.add_dependency(%q<bundler>, ["~> 1.0.0"])
|
|
85
85
|
s.add_dependency(%q<jeweler>, ["~> 1.5.2"])
|
|
86
|
-
s.add_dependency(%q<rcov>, [">= 0"])
|
|
87
86
|
end
|
|
88
87
|
end
|
|
89
88
|
|
|
@@ -60,6 +60,7 @@ end
|
|
|
60
60
|
Devise.add_module :password_expirable, :controller => :password_expirable, :model => 'devise_security_extension/models/password_expirable', :route => :password_expired
|
|
61
61
|
Devise.add_module :secure_validatable, :model => 'devise_security_extension/models/secure_validatable'
|
|
62
62
|
Devise.add_module :password_archivable, :model => 'devise_security_extension/models/password_archivable'
|
|
63
|
+
Devise.add_module :session_limitable, :model => 'devise_security_extension/models/session_limitable'
|
|
63
64
|
|
|
64
65
|
# requires
|
|
65
66
|
require 'devise_security_extension/routes'
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
# After each sign in, update unique_session_id.
|
|
2
|
+
# This is only triggered when the user is explicitly set (with set_user)
|
|
3
|
+
# and on authentication. Retrieving the user from session (:fetch) does
|
|
4
|
+
# not trigger it.
|
|
5
|
+
Warden::Manager.after_set_user :except => :fetch do |record, warden, options|
|
|
6
|
+
if record.respond_to?(:update_unique_session_id!) && warden.authenticated?(options[:scope])
|
|
7
|
+
unique_session_id = Devise.friendly_token
|
|
8
|
+
warden.session(options[:scope])['unique_session_id'] = unique_session_id
|
|
9
|
+
record.update_unique_session_id!(unique_session_id)
|
|
10
|
+
end
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
# Each time a record is fetched from session we check if a new session from another
|
|
14
|
+
# browser was opened for the record or not, based on a unique session identifier.
|
|
15
|
+
# If so, the old account is logged out and redirected to the sign in page on the next request.
|
|
16
|
+
Warden::Manager.after_set_user :only => :fetch do |record, warden, options|
|
|
17
|
+
scope = options[:scope]
|
|
18
|
+
|
|
19
|
+
if warden.authenticated?(scope)
|
|
20
|
+
unless record.unique_session_id == warden.session(scope)['unique_session_id']
|
|
21
|
+
path_checker = Devise::PathChecker.new(warden.env, scope)
|
|
22
|
+
unless path_checker.signing_out?
|
|
23
|
+
warden.logout(scope)
|
|
24
|
+
throw :warden, :scope => scope, :message => :session_limited
|
|
25
|
+
end
|
|
26
|
+
end
|
|
27
|
+
end
|
|
28
|
+
end
|
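Review bot: The second hook (`after_set_user :only => :fetch`) reads `record.unique_session_id` without the `respond_to?` guard that the first hook applies. Warden hooks are registered globally, so once this file is loaded any scope whose model does not include the session-limiting module would raise NoMethodError on every session fetch. Guard it the same way, e.g. `if record.respond_to?(:unique_session_id) && warden.authenticated?(scope)`. Note also that a record with a nil `unique_session_id` and a session lacking the key compare equal, so sessions that predate the column are presumably not limited until the next sign in; a short comment stating whether that is intended would help.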
|
@@ -18,7 +18,7 @@ module Devise # :nodoc:
|
|
|
18
18
|
module InstanceMethods # :nodoc:
|
|
19
19
|
|
|
20
20
|
def validate_password_archive
|
|
21
|
-
self.errors.add(:password, :taken_in_past) if password_archive_included?
|
|
21
|
+
self.errors.add(:password, :taken_in_past) if encrypted_password_changed? and password_archive_included?
|
|
22
22
|
end
|
|
23
23
|
|
|
24
24
|
# validate is the password used in the past
|
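Review bot: The new condition in `validate_password_archive` joins its two checks with `and`; it parses as intended under a modifier `if`, but `and` binds looser than `&&` and is easy to break when the line is later extended, so `... if encrypted_password_changed? && password_archive_included?` is the safer spelling. The definition of `password_archive_included?` lies outside this hunk, so whether the archive comparison itself is sound cannot be judged from here.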
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
require 'devise_security_extension/hooks/session_limitable'
|
|
2
|
+
|
|
3
|
+
module Devise # :nodoc:
|
|
4
|
+
module Models # :nodoc:
|
|
5
|
+
# SessionLimited ensures, that there is only one session usable per account at once.
|
|
6
|
+
# If someone logs in, and some other is logging in with the same credentials,
|
|
7
|
+
# the session from the first one is invalidated and not usable anymore.
|
|
8
|
+
# The first one is redirected to the sign page with a message, telling that
|
|
9
|
+
# someone used his credentials to sign in.
|
|
10
|
+
module SessionLimitable
|
|
11
|
+
extend ActiveSupport::Concern
|
|
12
|
+
|
|
13
|
+
def update_unique_session_id!(unique_session_id)
|
|
14
|
+
self.unique_session_id = unique_session_id
|
|
15
|
+
|
|
16
|
+
save(:validate => false)
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
end
|
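Review bot: `update_unique_session_id!` persists with `save(:validate => false)` and ignores the result, so any other unsaved attribute changes on the record are written without validation at sign in. A failed save would also leave the session holding a token the database never stored, and the fetch hook would then sign the user out on the next request. A single-column write such as `update_column(:unique_session_id, unique_session_id)` would narrow the write; at minimum the return value should be checked and a failure logged. The module comment names the module `SessionLimited` and says "sign page"; `SessionLimitable` and "sign in page" are presumably meant.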
|
@@ -36,5 +36,24 @@ module DeviseSecurityExtension
|
|
|
36
36
|
apply_devise_schema :password_archivable_type, String, :null => false
|
|
37
37
|
apply_devise_schema :created_at, DateTime
|
|
38
38
|
end
|
|
39
|
+
|
|
40
|
+
# Add session_limitable columns in the resource's database table.
|
|
41
|
+
#
|
|
42
|
+
# Examples
|
|
43
|
+
#
|
|
44
|
+
# # For a new resource migration:
|
|
45
|
+
# create_table :the_resources do |t|
|
|
46
|
+
# t.session_limitable
|
|
47
|
+
# ...
|
|
48
|
+
# end
|
|
49
|
+
#
|
|
50
|
+
# # or if the resource's table already exists, define a migration and put this in:
|
|
51
|
+
# change_table :the_resources do |t|
|
|
52
|
+
# t.string :unique_session_id, :limit => 20
|
|
53
|
+
# end
|
|
54
|
+
#
|
|
55
|
+
def session_limitable
|
|
56
|
+
apply_devise_schema :unique_session_id, String, :limit => 20
|
|
57
|
+
end
|
|
39
58
|
end
|
|
40
59
|
end
|
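Review bot: The `:limit => 20` on `unique_session_id` in `session_limitable` is presumably sized to the string `Devise.friendly_token` returns, which the sign-in hook stores in this column, but nothing states that coupling and the gemspec accepts any devise version. If a token ever exceeded the limit, a database that truncates silently would store a value that never matches the session, and every request would be signed out. A comment such as `# limit must be >= the length of Devise.friendly_token` above the method would record the constraint. The enclosing module starts outside this hunk.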
|
@@ -12,7 +12,7 @@ module DeviseSecurityExtension
|
|
|
12
12
|
" # config.expire_password_after = false\n\n" +
|
|
13
13
|
" # Need 1 char of A-Z, a-z and 0-9\n" +
|
|
14
14
|
" # config.password_regex = /(?=.*\\d)(?=.*[a-z])(?=.*[A-Z])/\n\n" +
|
|
15
|
-
" # How
|
|
15
|
+
" # How many passwords to keep in archive\n" +
|
|
16
16
|
" # config.password_archiving_count = 5\n\n" +
|
|
17
17
|
" # Deny old password (true, false, count)\n" +
|
|
18
18
|
" # config.deny_old_passwords = true\n\n" +
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: devise_security_extension
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.5.0
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -9,23 +9,22 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2011-
|
|
13
|
-
default_executable:
|
|
12
|
+
date: 2011-12-27 00:00:00.000000000 Z
|
|
14
13
|
dependencies:
|
|
15
14
|
- !ruby/object:Gem::Dependency
|
|
16
15
|
name: rails
|
|
17
|
-
requirement: &
|
|
16
|
+
requirement: &8681980 !ruby/object:Gem::Requirement
|
|
18
17
|
none: false
|
|
19
18
|
requirements:
|
|
20
19
|
- - ! '>='
|
|
21
20
|
- !ruby/object:Gem::Version
|
|
22
|
-
version: 3.
|
|
21
|
+
version: 3.1.1
|
|
23
22
|
type: :runtime
|
|
24
23
|
prerelease: false
|
|
25
|
-
version_requirements: *
|
|
24
|
+
version_requirements: *8681980
|
|
26
25
|
- !ruby/object:Gem::Dependency
|
|
27
26
|
name: devise
|
|
28
|
-
requirement: &
|
|
27
|
+
requirement: &8706740 !ruby/object:Gem::Requirement
|
|
29
28
|
none: false
|
|
30
29
|
requirements:
|
|
31
30
|
- - ! '>='
|
|
@@ -33,10 +32,10 @@ dependencies:
|
|
|
33
32
|
version: '0'
|
|
34
33
|
type: :runtime
|
|
35
34
|
prerelease: false
|
|
36
|
-
version_requirements: *
|
|
35
|
+
version_requirements: *8706740
|
|
37
36
|
- !ruby/object:Gem::Dependency
|
|
38
37
|
name: rails_email_validator
|
|
39
|
-
requirement: &
|
|
38
|
+
requirement: &8705420 !ruby/object:Gem::Requirement
|
|
40
39
|
none: false
|
|
41
40
|
requirements:
|
|
42
41
|
- - ! '>='
|
|
@@ -44,10 +43,10 @@ dependencies:
|
|
|
44
43
|
version: '0'
|
|
45
44
|
type: :development
|
|
46
45
|
prerelease: false
|
|
47
|
-
version_requirements: *
|
|
46
|
+
version_requirements: *8705420
|
|
48
47
|
- !ruby/object:Gem::Dependency
|
|
49
48
|
name: easy_captcha
|
|
50
|
-
requirement: &
|
|
49
|
+
requirement: &8703760 !ruby/object:Gem::Requirement
|
|
51
50
|
none: false
|
|
52
51
|
requirements:
|
|
53
52
|
- - ! '>='
|
|
@@ -55,10 +54,10 @@ dependencies:
|
|
|
55
54
|
version: '0'
|
|
56
55
|
type: :development
|
|
57
56
|
prerelease: false
|
|
58
|
-
version_requirements: *
|
|
57
|
+
version_requirements: *8703760
|
|
59
58
|
- !ruby/object:Gem::Dependency
|
|
60
59
|
name: bundler
|
|
61
|
-
requirement: &
|
|
60
|
+
requirement: &8721740 !ruby/object:Gem::Requirement
|
|
62
61
|
none: false
|
|
63
62
|
requirements:
|
|
64
63
|
- - ~>
|
|
@@ -66,10 +65,10 @@ dependencies:
|
|
|
66
65
|
version: 1.0.0
|
|
67
66
|
type: :development
|
|
68
67
|
prerelease: false
|
|
69
|
-
version_requirements: *
|
|
68
|
+
version_requirements: *8721740
|
|
70
69
|
- !ruby/object:Gem::Dependency
|
|
71
70
|
name: jeweler
|
|
72
|
-
requirement: &
|
|
71
|
+
requirement: &8719720 !ruby/object:Gem::Requirement
|
|
73
72
|
none: false
|
|
74
73
|
requirements:
|
|
75
74
|
- - ~>
|
|
@@ -77,18 +76,7 @@ dependencies:
|
|
|
77
76
|
version: 1.5.2
|
|
78
77
|
type: :development
|
|
79
78
|
prerelease: false
|
|
80
|
-
version_requirements: *
|
|
81
|
-
- !ruby/object:Gem::Dependency
|
|
82
|
-
name: rcov
|
|
83
|
-
requirement: &14757260 !ruby/object:Gem::Requirement
|
|
84
|
-
none: false
|
|
85
|
-
requirements:
|
|
86
|
-
- - ! '>='
|
|
87
|
-
- !ruby/object:Gem::Version
|
|
88
|
-
version: '0'
|
|
89
|
-
type: :development
|
|
90
|
-
prerelease: false
|
|
91
|
-
version_requirements: *14757260
|
|
79
|
+
version_requirements: *8719720
|
|
92
80
|
description: a gem for extend devise for more password security
|
|
93
81
|
email: team@phatworx.de
|
|
94
82
|
executables: []
|
|
@@ -112,10 +100,12 @@ files:
|
|
|
112
100
|
- lib/devise_security_extension.rb
|
|
113
101
|
- lib/devise_security_extension/controllers/helpers.rb
|
|
114
102
|
- lib/devise_security_extension/hooks/password_expirable.rb
|
|
103
|
+
- lib/devise_security_extension/hooks/session_limitable.rb
|
|
115
104
|
- lib/devise_security_extension/models/old_password.rb
|
|
116
105
|
- lib/devise_security_extension/models/password_archivable.rb
|
|
117
106
|
- lib/devise_security_extension/models/password_expirable.rb
|
|
118
107
|
- lib/devise_security_extension/models/secure_validatable.rb
|
|
108
|
+
- lib/devise_security_extension/models/session_limitable.rb
|
|
119
109
|
- lib/devise_security_extension/orm/active_record.rb
|
|
120
110
|
- lib/devise_security_extension/patches.rb
|
|
121
111
|
- lib/devise_security_extension/patches/controller_captcha.rb
|
|
@@ -125,7 +115,6 @@ files:
|
|
|
125
115
|
- lib/generators/devise_security_extension/install_generator.rb
|
|
126
116
|
- test/helper.rb
|
|
127
117
|
- test/test_devise_security_extension.rb
|
|
128
|
-
has_rdoc: true
|
|
129
118
|
homepage: http://github.com/phatworx/devise_security_extension
|
|
130
119
|
licenses:
|
|
131
120
|
- MIT
|
|
@@ -141,7 +130,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
141
130
|
version: '0'
|
|
142
131
|
segments:
|
|
143
132
|
- 0
|
|
144
|
-
hash:
|
|
133
|
+
hash: -1699892809294021618
|
|
145
134
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
146
135
|
none: false
|
|
147
136
|
requirements:
|
|
@@ -150,7 +139,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
150
139
|
version: '0'
|
|
151
140
|
requirements: []
|
|
152
141
|
rubyforge_project:
|
|
153
|
-
rubygems_version: 1.
|
|
142
|
+
rubygems_version: 1.8.10
|
|
154
143
|
signing_key:
|
|
155
144
|
specification_version: 3
|
|
156
145
|
summary: an security extension for devise
|