devise_security_extension 0.5.0 → 0.5.1
Sign up to get free protection for your applications and to get access to all the features.
- data/README.rdoc +19 -13
- data/Rakefile +3 -3
- data/VERSION +1 -1
- data/devise_security_extension.gemspec +4 -4
- metadata +18 -16
data/README.rdoc
CHANGED
|
@@ -4,16 +4,20 @@ An enterprise security extension for devise, trying to meet industrial standard
|
|
|
4
4
|
|
|
5
5
|
== Features
|
|
6
6
|
|
|
7
|
-
* expire passwords (update password with current password)
|
|
8
|
-
* strong password validation
|
|
9
|
-
* save old passwords to protect users from assigning old/expired passwords again
|
|
10
7
|
* captcha support for sign_up, sign_in, recover and unlock (to make automated mass creation and brute forcing of accounts harder)
|
|
11
8
|
|
|
9
|
+
=== Model modules
|
|
10
|
+
|
|
11
|
+
* :password_expirable - passwords will expire after a configured time (and will need an update)
|
|
12
|
+
* :secure_validatable - better way to validate model (email, stronger password validation). don't use with :validatable!
|
|
13
|
+
* :password_archivable - save used password in an old_passwords table for history checks (don't be able to use a formerly used password)
|
|
14
|
+
* :session_limitable - ensures, that there is only one session usable per account at once.
|
|
15
|
+
|
|
12
16
|
== Installation
|
|
13
17
|
add to Gemfile
|
|
14
18
|
gem 'devise_security_extension'
|
|
15
19
|
|
|
16
|
-
after bundle
|
|
20
|
+
after bundle install
|
|
17
21
|
rails g devise_security_extension:install
|
|
18
22
|
|
|
19
23
|
for :secure_validatable you need to add
|
|
@@ -59,13 +63,8 @@ for :secure_validatable you need to add
|
|
|
59
63
|
<p><%= captcha_tag %></p>
|
|
60
64
|
<p><%= text_field_tag :captcha %></p>
|
|
61
65
|
|
|
62
|
-
That's
|
|
66
|
+
That's it!
|
|
63
67
|
|
|
64
|
-
== Model modules
|
|
65
|
-
|
|
66
|
-
* :password_expirable - activate that passwords will expire
|
|
67
|
-
* :secure_validatable - better way to validate model. don't use with :validatable!!!
|
|
68
|
-
* :password_archivable - save password in old_passwords for history checks
|
|
69
68
|
|
|
70
69
|
== Schema
|
|
71
70
|
|
|
@@ -75,13 +74,19 @@ That's all!
|
|
|
75
74
|
t.password_expirable
|
|
76
75
|
end
|
|
77
76
|
|
|
78
|
-
=== Password
|
|
77
|
+
=== Password archivable
|
|
79
78
|
|
|
80
79
|
create_table :old_passwords do |t|
|
|
81
80
|
t.password_archivable
|
|
82
81
|
end
|
|
83
82
|
add_index :old_passwords, [:password_archivable_type, :password_archivable_id], :name => :index_password_archivable
|
|
84
83
|
|
|
84
|
+
=== Session limitable
|
|
85
|
+
|
|
86
|
+
create_table :the_resources do |t|
|
|
87
|
+
t.session_limitable
|
|
88
|
+
end
|
|
89
|
+
|
|
85
90
|
== Requirements
|
|
86
91
|
|
|
87
92
|
* devise (https://github.com/plataformatec/devise)
|
|
@@ -97,11 +102,13 @@ That's all!
|
|
|
97
102
|
* 0.2 strong password validation
|
|
98
103
|
* 0.3 password archivable with validation
|
|
99
104
|
* 0.4 captcha support for sign_up, sign_in, recover and unlock
|
|
105
|
+
* 0.5 session_limitable module
|
|
100
106
|
|
|
101
107
|
== Maintainers
|
|
102
108
|
|
|
103
109
|
* Team Phatworx (http://github.com/phatworx)
|
|
104
110
|
* Marco Scholl (http://github.com/traxanos)
|
|
111
|
+
* Alexander Dreher (http://github.com/alexdreher)
|
|
105
112
|
|
|
106
113
|
== Contributing to devise_security_extension
|
|
107
114
|
|
|
@@ -115,5 +122,4 @@ That's all!
|
|
|
115
122
|
|
|
116
123
|
== Copyright
|
|
117
124
|
|
|
118
|
-
Copyright (c) 2011 Marco Scholl. See LICENSE.txt for
|
|
119
|
-
further details.
|
|
125
|
+
Copyright (c) 2011 Marco Scholl. See LICENSE.txt for further details.
|
data/Rakefile
CHANGED
|
@@ -15,10 +15,10 @@ Jeweler::Tasks.new do |gem|
|
|
|
15
15
|
gem.name = "devise_security_extension"
|
|
16
16
|
gem.homepage = "http://github.com/phatworx/devise_security_extension"
|
|
17
17
|
gem.license = "MIT"
|
|
18
|
-
gem.summary = %Q{
|
|
19
|
-
gem.description = %Q{
|
|
18
|
+
gem.summary = %Q{Security extension for devise}
|
|
19
|
+
gem.description = %Q{An enterprise security extension for devise, trying to meet industrial standard security demands for web applications.}
|
|
20
20
|
gem.email = "team@phatworx.de"
|
|
21
|
-
gem.authors = ["Marco Scholl"]
|
|
21
|
+
gem.authors = ["Marco Scholl", "Alexander Dreher"]
|
|
22
22
|
end
|
|
23
23
|
Jeweler::RubygemsDotOrgTasks.new
|
|
24
24
|
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
0.5.
|
|
1
|
+
0.5.1
|
|
@@ -5,12 +5,12 @@
|
|
|
5
5
|
|
|
6
6
|
Gem::Specification.new do |s|
|
|
7
7
|
s.name = "devise_security_extension"
|
|
8
|
-
s.version = "0.5.
|
|
8
|
+
s.version = "0.5.1"
|
|
9
9
|
|
|
10
10
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
|
11
|
-
s.authors = ["Marco Scholl"]
|
|
11
|
+
s.authors = ["Marco Scholl", "Alexander Dreher"]
|
|
12
12
|
s.date = "2011-12-27"
|
|
13
|
-
s.description = "
|
|
13
|
+
s.description = "An enterprise security extension for devise, trying to meet industrial standard security demands for web applications."
|
|
14
14
|
s.email = "team@phatworx.de"
|
|
15
15
|
s.extra_rdoc_files = [
|
|
16
16
|
"LICENSE.txt",
|
|
@@ -52,7 +52,7 @@ Gem::Specification.new do |s|
|
|
|
52
52
|
s.licenses = ["MIT"]
|
|
53
53
|
s.require_paths = ["lib"]
|
|
54
54
|
s.rubygems_version = "1.8.10"
|
|
55
|
-
s.summary = "
|
|
55
|
+
s.summary = "Security extension for devise"
|
|
56
56
|
s.test_files = [
|
|
57
57
|
"test/helper.rb",
|
|
58
58
|
"test/test_devise_security_extension.rb"
|
metadata
CHANGED
|
@@ -1,11 +1,12 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: devise_security_extension
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.5.
|
|
4
|
+
version: 0.5.1
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
8
8
|
- Marco Scholl
|
|
9
|
+
- Alexander Dreher
|
|
9
10
|
autorequire:
|
|
10
11
|
bindir: bin
|
|
11
12
|
cert_chain: []
|
|
@@ -13,7 +14,7 @@ date: 2011-12-27 00:00:00.000000000 Z
|
|
|
13
14
|
dependencies:
|
|
14
15
|
- !ruby/object:Gem::Dependency
|
|
15
16
|
name: rails
|
|
16
|
-
requirement: &
|
|
17
|
+
requirement: &16685220 !ruby/object:Gem::Requirement
|
|
17
18
|
none: false
|
|
18
19
|
requirements:
|
|
19
20
|
- - ! '>='
|
|
@@ -21,10 +22,10 @@ dependencies:
|
|
|
21
22
|
version: 3.1.1
|
|
22
23
|
type: :runtime
|
|
23
24
|
prerelease: false
|
|
24
|
-
version_requirements: *
|
|
25
|
+
version_requirements: *16685220
|
|
25
26
|
- !ruby/object:Gem::Dependency
|
|
26
27
|
name: devise
|
|
27
|
-
requirement: &
|
|
28
|
+
requirement: &16683580 !ruby/object:Gem::Requirement
|
|
28
29
|
none: false
|
|
29
30
|
requirements:
|
|
30
31
|
- - ! '>='
|
|
@@ -32,10 +33,10 @@ dependencies:
|
|
|
32
33
|
version: '0'
|
|
33
34
|
type: :runtime
|
|
34
35
|
prerelease: false
|
|
35
|
-
version_requirements: *
|
|
36
|
+
version_requirements: *16683580
|
|
36
37
|
- !ruby/object:Gem::Dependency
|
|
37
38
|
name: rails_email_validator
|
|
38
|
-
requirement: &
|
|
39
|
+
requirement: &16682360 !ruby/object:Gem::Requirement
|
|
39
40
|
none: false
|
|
40
41
|
requirements:
|
|
41
42
|
- - ! '>='
|
|
@@ -43,10 +44,10 @@ dependencies:
|
|
|
43
44
|
version: '0'
|
|
44
45
|
type: :development
|
|
45
46
|
prerelease: false
|
|
46
|
-
version_requirements: *
|
|
47
|
+
version_requirements: *16682360
|
|
47
48
|
- !ruby/object:Gem::Dependency
|
|
48
49
|
name: easy_captcha
|
|
49
|
-
requirement: &
|
|
50
|
+
requirement: &16681140 !ruby/object:Gem::Requirement
|
|
50
51
|
none: false
|
|
51
52
|
requirements:
|
|
52
53
|
- - ! '>='
|
|
@@ -54,10 +55,10 @@ dependencies:
|
|
|
54
55
|
version: '0'
|
|
55
56
|
type: :development
|
|
56
57
|
prerelease: false
|
|
57
|
-
version_requirements: *
|
|
58
|
+
version_requirements: *16681140
|
|
58
59
|
- !ruby/object:Gem::Dependency
|
|
59
60
|
name: bundler
|
|
60
|
-
requirement: &
|
|
61
|
+
requirement: &16696860 !ruby/object:Gem::Requirement
|
|
61
62
|
none: false
|
|
62
63
|
requirements:
|
|
63
64
|
- - ~>
|
|
@@ -65,10 +66,10 @@ dependencies:
|
|
|
65
66
|
version: 1.0.0
|
|
66
67
|
type: :development
|
|
67
68
|
prerelease: false
|
|
68
|
-
version_requirements: *
|
|
69
|
+
version_requirements: *16696860
|
|
69
70
|
- !ruby/object:Gem::Dependency
|
|
70
71
|
name: jeweler
|
|
71
|
-
requirement: &
|
|
72
|
+
requirement: &16692820 !ruby/object:Gem::Requirement
|
|
72
73
|
none: false
|
|
73
74
|
requirements:
|
|
74
75
|
- - ~>
|
|
@@ -76,8 +77,9 @@ dependencies:
|
|
|
76
77
|
version: 1.5.2
|
|
77
78
|
type: :development
|
|
78
79
|
prerelease: false
|
|
79
|
-
version_requirements: *
|
|
80
|
-
description:
|
|
80
|
+
version_requirements: *16692820
|
|
81
|
+
description: An enterprise security extension for devise, trying to meet industrial
|
|
82
|
+
standard security demands for web applications.
|
|
81
83
|
email: team@phatworx.de
|
|
82
84
|
executables: []
|
|
83
85
|
extensions: []
|
|
@@ -130,7 +132,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
130
132
|
version: '0'
|
|
131
133
|
segments:
|
|
132
134
|
- 0
|
|
133
|
-
hash:
|
|
135
|
+
hash: 2266778624520241726
|
|
134
136
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
135
137
|
none: false
|
|
136
138
|
requirements:
|
|
@@ -142,7 +144,7 @@ rubyforge_project:
|
|
|
142
144
|
rubygems_version: 1.8.10
|
|
143
145
|
signing_key:
|
|
144
146
|
specification_version: 3
|
|
145
|
-
summary:
|
|
147
|
+
summary: Security extension for devise
|
|
146
148
|
test_files:
|
|
147
149
|
- test/helper.rb
|
|
148
150
|
- test/test_devise_security_extension.rb
|